Email Fraud, Phishing, Vishing and Malware: Preventing Cyberattacks

With remote work arrangements now more common than ever, cyberattacks may soon become your company’s biggest threat. Why? Because the daily hacking attempts typically brushed aside by your firewalls and IT security teams aren’t nearly as protective for a scattered workplace.

To educate your employees, here are the most common cyber threats they may face.

Phishing

Phishing is an attempt to gain personal information (social security number, birthday, login credentials, account information, etc.) by masquerading as a reputable person in some form of communication, typically via email. Hackers and scammers may impersonate a legitimate company and send fake emails to solicit this information or distribute malicious links or attachments that perform some function to capture data.

Vishing

Vishing, or voice phishing, takes phishing one step further by spoofing a legitimate phone number and posing as an IT help desk to solicit personal information. These calls may even be routed to personal cellphones, making it harder for organizations to catch. While vishing attempts are a newer to the security threat club, they are increasingly prevalent.

Malware

Malware is a type of computer virus that is typically disguised as an innocuous program, email attachment or link. These viruses infect computers and can do any number of tasks, typically hidden to the user. For instance, they might store password data, track website activity or download personal files.

Steps to Preventing Cyberattacks

To combat against these threats, here are some solutions to help keep your employees, customers, and customer data safe.

Tips for Employees to Prevent Cyberattacks

1. Always look before clicking anything in an email or downloading any files and programs.
2. Question everything you see in an email to see if it’s fraudulent. Is the sender’s email address legit? Are attachments embedded? Is the subject line referencing anything out of sync with your company’s system? Does your branding accurate?
3. Hover above links in an email to see where the link points. If there is no link or the link looks unreadable and unfriendly, it could be dangerous. Do not click on it.
4. Ask yourself if you were expecting an email from that sender. Even if the answer is yes, still use caution – especially if there are links or files attached.
5. Don’t accept an unsolicited email that is requesting information as genuine if you weren’t expecting it. Pick up the phone and call the company to confirm, as sometimes hackers have access to the sender’s mailbox.
6. When in question on validating whether an email is legitimate, ask others around you and/or send the email to your IT team for verification.
7. If available, utilize the “Report Message” button in your email system to flag questionable emails and links to your IT department to help protect others in your organization.
8. When taking or making a call to a familiar number and an unfamiliar voice is heard, verify the caller’s identity by asking their name and organization web address.
9. Don’t reuse login credentials from site to site, and especially never between work accounts and personal accounts.

Tips for Employers to Prevent Cyberattacks

1. Train employees to identify and report a potential security breach or hacking attempt.
2. Install proactive software to minimize hacker threats.
   a. Behavior Analytics Tracking Software monitors an employee’s computer habits and identifies when a user is displaying abnormal computer usage
   b. Automated Threat Detection Software automatically scans files to detect malicious programs.
3. Set clear work-from-home guidelines, such as acceptable technology and work locations. Locations with unsecured networks should never be used.
4. Require two-step verification for employees where they must sign in with a password and then receive a code to their phone to verify the login attempt.
5. Remind employees regularly about security concerns, preferably once a quarter. Provide real life examples of security hacks and discuss how they could have been avoided.
6. Keep software up-to-date, as most cyber attacks exploit software vulnerabilities.

Unfortunately, cyber scams will only become more commonplace and sophisticated in the future. To help protect our client data, Stratus.hr has an independent verification and audit done each year to maintain its SOC 1 Type 2 certification. While this elective step isn’t required by the PEO industry, it provides clients with peace of mind that their information is protected with the highest degree of data security. (Not sure what a SOC 1 audit is? Learn here.)

To ensure data entries are authentic, Stratus.hr provides custom-built software and an employee app that enable clients and employees to securely log in and make changes themselves. This prevents service reps from having to decipher whether a fax, text, email or phone call are truly authentic, and the software has built-in security features to ensure any changes made are authorized and are not transmitted in an unsecure portal.

For more information on how to better protect your organization, please contact our experts at HR@stratus.hr. Not a current client? Book a consultation and our team will be in touch with you shortly.

Related articles:

• CyberSecurity Alert Heightened: What Are You Doing About It?
• Workplace Security Threats: Are You Doing Enough?
• Unemployment Scam Alert: COVID-19 Edition
• Coronavirus Scams on the Rise: Tactics to Know