Cyber-security has already been a subject of increasing importance in the UK for years, but with the coronavirus pandemic forcing many organisations to implement remote work, the threat of cyber-attacks must be taken even more seriously.
One type of cyber-attack that has recently become a more frequent threat is the social engineering attack.
What Is Social Engineering?
Cyber-criminals conduct social engineering attacks by manipulating people in ways that result in the perpetrator gaining access to property or information that they should not be privy to. Their tactics might include persuasion, impersonation or even intimidation.
Perpetrators may deploy social engineering tactics through a number of different types of cyber-attacks, such as phishing emails, fraudulent online offers or prizes, or telephone scams.
Social Engineering During Lockdown
Most employees working remotely will not have the same level of cyber-security in their homes as an employer would have in its physical workspace. As such, cyber-crime has become an even more ominous threat for organisations of all sizes and across all industries.
The frequency of cyber-attacks has noticeably increased since the beginning of the coronavirus pandemic, and new reports suggest that cyber-criminals are specifically upping their usage of coronavirus-themed attacks. These attacks may come in the form of phishing emails attempting to manipulate recipients into revealing sensitive information by preying on fear or apprehension related to COVID-19.
Given the lack of efficient cyber-security protections as employees work remotely, and the rising threat of social engineering and cyber-attacks related to COVID-19, employers should be especially cautious.
One example of a social engineering attack occurred earlier this year, when a cyber-attack campaign targeted Italian email addresses with a phishing email. This email claimed to have an attachment from the World Health Organization with advice pertaining to the prevention of COVID-19. However, once a recipient opened the attachment and followed the email’s instructions, malicious software would be installed on the user’s device, providing cyber-criminals with access to confidential information and the ability to install even more malware.
With employees working remotely, there are far more potential exposures to an organisation’s network and data. Organisations should take the time to assess and address these risks. Precautionary measures that organisations should strongly consider include:
- Provide formal employee training, including guidance regarding specific types of social engineering threats and how to recognise them.
- Limit employees’ ability to access USB ports on company equipment in order to reduce the chance of a virus or malware infecting the device.
- Use layers of protection, such as multi-factor authentication. In the event that a password is compromised, having additional layers that cyber-criminals must penetrate reduces an organisation’s risk.
- Implement a virtual private network (VPN) in order to mask organisational data, such as web traffic.
- Review user accounts and their level of access to sensitive information. Limiting accounts to information relevant to employees’ duties will help limit potential damage in the event that any accounts are compromised.
Contains public sector information published by GOV.UK and licensed under the Open Government Licence v3.0. The content of this Risk Insights is of general interest and is not intended to apply to specific circumstances. It does not purport to be a comprehensive analysis of all matters relevant to its subject matter. The content should not, therefore, be regarded as constituting legal advice and not be relied upon as such. In relation to any particular problem which they may have, readers are advised to seek specific advice. Further, the law may have changed since first publication and the reader is cautioned accordingly. © 2020 Zywave, Inc. All rights reserved.