As things continuously change and more organizations are calling back employees, hacker are targeting returning employees as they are becoming easy target.
Hackers are proactive and creative resulting in them changing security breach tactics as a result from COVID-19 restrictions being lifted and employees returning to offices. There is a new phishing campaign that is targeting those in the physical workplace as a welcome back message from a c-level executive.
The phishing email will look legitimate as has the company’s official logo in the header and was signed by a spoof C-level executive. The hackers also show the companies precautionary measures and changes to its business operations that it is taking in response to the pandemic.
Hackers are targeting returning employees and managed IT services Toronto providers have been actively working at stopping such cyber threats from impacting companies.
There are also other fake emails that include employees being tricked into believing that they are receiving an email from their company that redirects them to what looks like the company Microsoft SharePoint site. If you or your employees engage with these documents, it becomes apparent that they are not authentic and instead are phishing mechanisms designed to steal account credentials within moments.
If this happens, you should immediately alert your managed IT services provider or IT department.
A new hacker phishing technique
Managed IT services providers and managed security services providers have identified a new technique used by hackers called cloning of validated credentials. If the login information is entered incorrectly the first few times, the panel will respond with an error message that states: “Your account or password is incorrect.”.
As soon as the employee enters their login information a few times, they will be redirected to a Microsoft page. In this manner, the employee would seem to have access to his OneDrive documents since their login information appeared to be correct.
Cyber criminals that are good actors pose a serious cyber security threat. As the shift towards more workers working remotely has led to an increase in the number of cyberattacks attempting to exploit remote login credentials. It is very likely the number of cyberattacks targeting on-premises networks and office-based workers will also continue to grow over the next few months.
Businesses are embracing hybrid work. It can lead to greater employee engagement, better-satisfied teams, and more productive enterprises at a time when jobs are at record highs.
As we embrace this new world of work, it’s easy to overlook one of the biggest challenges, maintaining proactive cybersecurity.
Hackers are targeting returning employees but here a few simple tips to protect your organization that you can discuss with your managed IT services provider.
- What are you cyber security risks
During the COVID-19 pandemic, online fraud rose 70 percent due to increased working from home. COVID-19 pandemic testing scams and QR code hacks were among the many cyber security threats. Cyber security leaders need to proactively stay ahead of the cyber security risks by identifying new threats and having better preventive controls.
Weak cyber security should also be discussed with the rest of the company, your IT department, and your managed IT services provider. Organizations face financial losses as well as an increase in anxiety among employees. Proactively protecting against cyber security breaches and ransomware is essential.
Organizations need to raise cyber security awareness as well as know that the managed IT services provider is there to help if they have any concerns.
- Use email strategically
Email is one of the easiest and primary ways hackers to break into businesses as they create fake email accounts that appear to be mostly a senior teammate or c-level executive at the company.
Managed IT services providers are helping organizations reduce their reliance on email for communications by using more channel-based messaging apps such as Microsoft Teams as they are more secure and easier to share than email chains.
- Give employees the right tools
Managed IT services providers and IT departments must ensure the needs of employees are met. The risk of sensitive data leaving the organization increases if employees find a way. Shadow IT practices cannot be undone once they’re implemented. With a dedicated security and compliance ecosystem, enterprise-ready collaboration tools can easily integrate with security staples.
- Manage user accounts and devices
Many workers are using their own WiFi resulting in organizations needing to create a new cyber security baseline. Organizations need to take control of their identity in a hybrid workplace to keep information secure. They need to ensure the appropriate people can only view your data, no matter where they are, with session duration metrics and two-factor authentication.
Organizations should discuss with their managed IT services providers or IT department additional cyber security measures to guard against users and devices that are jailbroken or rooted, including session management tools, default browser controls, and the ability to block jailbroken or rooted devices.
- Change your mind set about cyber security
Due to recent events since COVID-19 pandemic, the work environment and the cyber security environment have drastically changed the same way workers changed and cyber security threats changed.
Organizations need to allow managed IT services providers or their IT department to be able to secure work-from-home spaces in the same way they protect offices. They need to provide enterprise-grade tools for remote and hybrid workers such as office suites and collaboration tools that will ensure they will not need to use non-enterprise grade or non-sanctioned platforms.
Cyber security always comes first.
Why ransomware attacks avoid the cloud? Simple, it is much easier to secure.
We offer a complimentary data breach scan that will be able to review if your credentials have been compromised by hackers.
We are the leading IT managed services Toronto. Our boutique Toronto IT consulting firm specializes in award winning Managed IT Services, Managed Security Services, Tech Support Services, Cloud Services, Cyber Security Training and Dark Web Monitoring, Business continuity and disaster recovery (BCDR), IT Support Services, and IT Outsourcing Services.
We Make IT Simple!