How to proactively manage your IT systems during a crisis
Identifying and acting on phishing attacks
We are in unprecedented times. Never before has the workforce of the country been told to work from home collectively. Obviously some businesses are unable to operate in a remote environment and sadly for many it means they have to cease trading. Before the lockdown came into effect we spent many weeks prepping our clients for the possibility of a move to a fully remote working environment. For the vast majority of them this was an unprecedented move although many had individuals working from home on occasion but not the entire workforce. Now we continue to deliver support and ongoing maintenance of their systems to them remotely with the same level of proactivity and responsiveness as before.
It is not to be unexpected that cyber criminals will take advantage of the fear and uncertainty in these unprecedented times and there are a number of new phishing emails circulating. Combined with large numbers of workers moving from a trusted, secure office environment to remote locations presents an even greater opportunity to the scammers.
So it is now more important than ever that employees are informed and educated on how to identify and act upon the latest threats.
To help guard against the increased risk posed by phishing attacks, here are eight tips on what to looks out for and how to act:
1. Be suspicious of any emails that refer to Coronavirus or COVID 19
Even if they appear to come from a trusted source.
2. Don’t trust the display name
Ignore the display name of the email and instead check the full email address of the sender to confirm it comes from a genuine company account.
3. Beware of urgent language
Designed to make people act quickly before confirming the legitimacy of the email, urgent requests and call to action should be considered carefully.
4. Beware of broad, impersonalised salutations
Some phishing emails are still sent on mass and will use broad greetings such as, “Dear customer” or “Dear contact”.
5. Don’t click or download any links
Posing a large risk of infecting your computer with malicious software, users should avoid downloading or clicking any links not from a trusted source. Hover the cursor over the link for the real web address it will direct you to.
6. Watch for misspelt words or poor grammar
These are easily identifiable signs of a suspicious email.
7. Check the branding of the email
Double check that any company branding in the email matches the official and latest branding on the company website. Be wary of any variants.
8. Report any suspicious emails immediately
If you feel you may have downloaded a damaging link, report it to your manager or the IT team immediately. Also, report any suspicious looking emails to the IT team, who can flag these and ensure other users are not caught out.
Phishing emails are becoming increasingly sophisticated and difficult to spot. Some may even appear to originate from a co-worker or manager. Following these steps will help to avoid being caught out, but no employee should be afraid to admit if they feel they have made a mistake. It could happen to anyone - including the boss!
As employees settle into working from home, be sure to share with them regular reminders, tips and education material on what to look out for, as well as encouraging them to report anything suspicious. These steps can help minimise the risk posed by phishing attacks.