As we enter a new month of remote working due to the COVID-19 pandemic, it’s clear Canadians can’t afford to let their guard down. The Canadian Centre for Cyber Security (CCCS) recently reported that it had taken down 1,500 COVID-19 themed websites or email addresses aimed at fraudulently convincing Canadians to click by pretending to be legitimate organizations. And that’s consistent with the recent lure Proofpoint uncovered that claimed to be from the Public Health Agency of Canada.
Information surrounding the pandemic continues to come in at an unrelenting pace. When coupled with the challenges of remote work, it can be difficult to spot fraudulent attacks as they are often carefully engineered to encourage user action. Threat actors are closely following the COVID-19 news cycle to see how Canadians are adapting their work and personal behaviors to adjust.
Below are a few immediate ways remote employees can stay secure, and an infographic for easy use as well.
- Watch for video conferencing emails that are unexpected and have a sense of urgency. We’ve seen an increase in threat actors sending customized, fraudulent emails using trusted brands that try and trick users into clicking and providing their credentials.
- Be wary of shipping notifications that aren’t anticipated. The Canadian Post recently reported that it’s been experiencing parcel volumes typically only seen during the holiday season as more and more Canadians are shopping online. Cybercriminals have been known to use fake package email notifications as a method to lure victims.
- Confirm all financial transactions verbally. Avoid email scams by directly verifying all payment requests and invoices are authentic. Business email compromise (BEC) and email account compromise (EAC) have cost organizations worldwide more than $26B over the years—and the risk has increased as more employees are remote. During BEC attacks cybercriminals often impersonate trusted people, like a company’s CFO, over email to gain access to company networks or convince an employee to wire funds and/or transfer sensitive data.
The best enterprise protection against attacks targeting remote workers is a combination of technology and people. With the uptick in COVID-19-themed phishing attacks, it is vital that organizations invest in advanced email security solutions to detect and block as much of these threats as possible, removing the guesswork from users. We recommend prioritizing a people-centric approach to security that protects all parties (employees, customers, and business partners) against threats. This includes layered defenses at the network edge, email gateway, in the cloud, and at the endpoint, coupled with strong user education.
We also encourage all remote workers to connect with their IT departments regarding any needs or concerns, and to ensure they are using a secure Wi-Fi connection, company VPN, and strong passwords. For additional Canadian cybersecurity recommendations on safe remote working, please visit the CCCS site: https://cyber.gc.ca/en/guidance/cyber-security-tips-remote-work-itsap10116