New-year work deadlines and
The number of breaches spikes during this time of year simply because employees are more susceptible to the "malicious actors" who conduct cyberattacks, says Andriy Hural, managed detection and response director at UnderDefense, a Texas-based firm that helps companies mitigate and resolve cyberattacks.
Cyber-attackers "understand the psychology of us," Hural says, and
Read more:
Also, taking time off makes employees susceptible, he says. "Once we go on vacation, we lower our shields a little. We are focused on something else other than doing regular business."
Phishing that attempts to convince an employee to provide passwords or credentials, or to click on a link that downloads ransomware or a computer infection, typically begin with an interesting, urgent email that is too important to ignore and is from a seemingly familiar source, Hural says.
"They will do their best to use the exact names of your bosses, of your employees, of someone you work with," Hural says, and the message will be conveyed with "a sense of importance, a sense that if you do not do something, there will be consequences, and these consequences will be bad for you." For example, an email might say that unless the employee doesn't act, they won't be paid their January bonus or the remainder of their vacation will be cancelled.
Companies need to be prepared to respond when they spot signs of malicious activity, and they should have enhanced antivirus systems in place that can contain the spread of a malware or ransomware attack, Hural says. They should also know who is connected to their systems at all times, and whether those individuals have the right to that access. If an employee has more access than they should, "that's a signal that something is wrong," he says.
Read more:
Employees should be prompted to deploy security tools, such as company-issued password manager software that generates random passwords and updates them regularly, so that any breach in one area of the company can't cascade into other areas, Hural says.
Hural advises that, along with using password managers, employees should never store passwords in their browser, which is a surefire path for a cyber-attacker to take control of the user's email and, therefore, any accounts linked to the email for two-factor authentication. "Gaining access to your email would be the honeypot for any malicious actor," he says.
When an employee does need to work while on vacation, the company's IT staff needs to be made aware. For many companies, activity from an unfamiliar location can trigger a security alert and possibly a suspension of the employee's account, Hural says.
Besides phishing, another common way that cyber-attackers gain access during vacations is through public Wi-Fi. Hural emphasizes that employees should avoid public Wi-Fi unless they have no other choice, and if they must connect through it they should deploy a VPN (virtual private network), which provides a connection to a trusted server.
Read more:
If an employee must use a public Wi-Fi connection without a VPN, then they should avoid using email and only do work that doesn't involve transferring personal data, he says. And they should never connect via Bluetooth to unknown devices.
When a breach does occur, company IT security teams need to gather everyone involved for a no-blame debriefing to discuss missteps and how to avoid them in the future, Hural says. By creating an environment where employees feel comfortable speaking up about their miscues that allowed a breach, the security team can learn more quickly what happened and gain better insights into the root causes.
Employees need to understand that the IT security team always tracks down a cyber breach eventually, so it's best to contact the team as soon as the employee realizes there might be a problem, Hural says. Also, keep in mind that a breach can occur even when an employee does nothing wrong.
All employees at a company should be educated on cyber safety, as even low-level workers can be targeted as part of a larger scheme for a cyberattack, Hural says. Often after a breach, the person who was targeted doesn't know why.
"If you're an important person in the organization and they want to get to this organization, they might want to compromise a couple of your employees," he says. If you're a lower-level employee, "you might be just a tool to get to the object."
