For most businesses, the pandemic has been a rush of implementing new policies and procedures while, at the same time, trying to keep end-user Cybersecurity fortifications intact. Organizations that acted early following the shelter-in-place safety procedures are still focusing on maintaining or improving their Cybersecurity needs.
Most users can work from home and many have implemented tools to allow for a remote workforce. Many firms are adding collaboration tools to their remote strategy with the hope of improving teamwork and collaboration more efficiently. However, this new workflow and new tools can expose your business to additional risks.
At Clare Computer Solutions, we have uncovered at least two troubling new trends to keep an eye on:
Consent Phishing
Phishing has been known for its pervasiveness for some time. However, there is a significant rise in a more nuanced type of phishing known as Consent Phishing. Consent Phishing targets end users’ personal information. This attack does not demand account credentials. Instead, this style of phishing tricks users into providing their credentials to a malicious hacked application. Earlier this month, Microsoft noted this threat as a threat to keep an eye on.
In a Consent Phishing attack, the attacker will use an authorization such as Azure Active Directory. Note that the application is configured in a way that makes it appear trustworthy. Consent Phishing attacks prey on the same social engineering tactics regularly used by effective hackers.
Double extortion
Another type of Cyberattack being seen today is a variation of a ransomware attack. Even if your firm has implemented robust backup and/or disaster recovery solutions, hackers can still do harm (i.e., infrastructure lockouts or requests for large ransoms). Attackers will threaten to release company data onto the dark web unless the ransom is paid. Such a release could cripple your business’s reputation, as well as impact your users’ ability to work.
While the work environment and landscape have changed under the COVID-19 pandemic, the tactics to compromise your business have not and are constantly evolving. Today we see more businesses receiving large amounts of COVID-related SPAM and phishing communications.
It is not all doom and gloom. We have seen employees being much more careful about using devices in ways that can compromise businesses today. More companies are investing in more tools and User training, including implementing Multi-Factor Authentication (MFA), getting remote workers on secured and hardened Virtual Private Networks (VPN), and subscribing to Managed IT Security Services backed by our 24×7 Security Operations Center (SOC).
The one constant we see continuing as we come out of this pandemic is that businesses will continue to embrace a remote workforce. As such, a solid remote work from home solution and Cybersecurity response plan will be critical to the business’s continued success.
At Clare Computer Solutions, we take Cybersecurity very seriously. We are continuously evaluating and improving our tools and our service offerings to provide our clients “best in breed.” We invest heavily in staying on top of emerging threats and employee training. Clare’s Cybersecurity philosophy is a blend of speed, agility, and thoroughness with monitoring and mitigating emerging threats. We do not just wait for alerts to come in. We monitor the dark web, we look for anomalies in systems and endpoints and we maintain close relationships with partners, vendors, and IT communities who see things happening in real-time.
Feel free to contact us directly if you want to learn more about how to complement your IT Support Strategy with a Cybersecurity Strategy and how we are helping our clients mitigate their risks.
