Increased use of personal computers and phones to conduct our work remotely
Increase in phishing emails targeting remote workers
Increase in vishing calls to our personal phones targeting remote workers
Start with awareness. Educating your employees on why phishing/vishing is harmful and empowering them to detect and report phishing attempts are key elements of protection. For more information, please visit Rapid7’s Phishing Awareness Training.
Teach them phishing prevention/verification tips. Phishing tips have been pretty standard and include looking for suspicious file attachments and malicious website URLs, promoting good credential behavior, and keeping systems patched for the latest vulnerabilities. For more information, please visit Rapid7’s Phishing Attacks: A Deep Dive with Prevention Tips.
Teach them vishing prevention/verification tips. Vishing tips aren’t as well known, but they are basic common-sense approaches, including:
Asking for their name to look up in the company directory
Asking for internal company information to verify their knowledge
Asking for a callback number to verify where they are calling from
Asking for their supervisor’s name to look up in the company directory
Avoiding emotions, especially if the caller is using an incident to collect information
Practice, practice, practice. Companies need to regularly (every 3 months is a good cadence) phish/vish their employees to give them practice at recognizing AND reporting these attacks. For more information, please visit Rapid7’s Tips for a Successful Phishing Engagement.
Wellframe CTO Mohammad Jouni discusses the current state of telehealth privacy and security amid a rise in use during the pandemic, addressing the need for a telehealth standard to address vulnerabilities.
Ransomware, insider threats and shoddy access controls are at the heart of many compromises against the water and wastewater industries. So are tools like Remote Desktop Protocols that have become increasingly popular since the COVID-19 pandemic.