In the last year many of us have learnt how to work remotely. In fact 1 in 3 workers are still working from home now.
It has been fantastic to see such a strong uptake in cloud-based software and online tools to help collaborate whilst we have been working apart.
An unfortunate outcome of remote working has been an increase in cyberattacks, phishing scams and data breaches.
This time last year research from Apricorn found that 57% of UK IT decision makers believed remote workers would expose their organisation to the risk of a data breach.
Impersonation fraud increased by 84% in the first half of 2020, with almost 15,000 reports and £58million lost, according to UK Finance. Action Fraud says that it received 14,893 ‘computer software service fraud’ reports between October 2019 and September 2020, with reported losses reaching around £16.5million over that period.
The move to remote working was a rushed transition for many businesses, and unfortunately the implementation of data protection practices were overlooked or overshadowed by the urgency of getting workers online and working from home as quickly as possible.
Many employees of smaller businesses started using personal laptops and computers for work, that weren’t configured with optimum security and encryption controls.
Phishing scams are not going anywhere, so it is important to make sure your staff understand the threats and possible outcomes.
They need to understand they could be one click away from putting the business at risk but also given the reassurance that if they do fall victim, they shouldn’t be scared of the repercussions of reporting the mistake through appropriate channels so data breeches can be mopped up.
A simple lesson is looking out for poor spelling and grammar, as they are a big indication of a cyberattack. Unusual URL links and email addresses are also a giveaway. We would always say - if in doubt, don’t click on the link and refer it to your IT manager.
Cyberattacks get more sophisticated every day and can come over any medium where data is shared.
Types of phishing includes:
An email to a large group of people that appears to come from a legitimate source that aims to trick you in to clicking a link or downloading a file
This is a more targeted method where an individual is researched and targeted with a bespoke message to trick them
Similar to spear phishing, these attacks involve prior research to help appear legitimate, and will target an executive level team member
Fraudsters infiltrate an executive’s account, and use it to trick their contacts in to sending them money
Attackers clone a legitimate email and then change the link or attachment to benefit them
This method gets the victims to call them back and enter a PIN number or account number over the phone
This targets people using cloud-based apps and mobile devices who are remote working. They use application prompts to tricks users in to agreeing to grant access to their data
ATP helps prevent phishing attacks and natively protects all Office 365 applications.
Microsoft describe how it works as:
“The service leverages industry-leading intelligence fuelled by trillions of signals to continuously evolve to prevent emerging threats, like phishing and impersonation attacks. As part of Microsoft Threat Protection, Office 365 ATP provides security teams with the tools to investigate and remediate these threats.
“Microsoft Threat Protection stops attacks across Microsoft 365 services and auto-heals affected assets. It leverages the Microsoft 365 security portfolio to automatically analyse threat data across identities, endpoints, cloud applications, and email and docs. By fusing related alerts into incidents, defenders can respond to threats and attacks immediately and in their entirety, saving precious time.“
For more information on protecting your business from cyberattacks with Microsoft’s products, get in touch with the etac solutions team today!Back to Blog