Are you prepared to protect your remote workers from phishing attacks?
Almost as soon as the COVID-19 pandemic sent office-workers home, cyber-criminals began their attacks—taking advantage of fear, uncertainty, and doubt to get people to make decisions they might otherwise not make.
In January, the criminal enterprise known as Mummy Spider launched a phishing attack, posing as a public health organization to distribute its Emotet malware. The following month, Pirate Panda, criminal hackers based in China, used coronavirus themes as a lure. Employees working remotely at home are particularly vulnerable to attacks like these, and so the companies and organizations they work for face new threats.
Even in normal times, remote work presents a number of serious cybersecurity challenges because there are so many more threat vectors. People are working on devices that haven’t been vetted, much less protected by next-generation security products. Many companies lack the tools to assess these machines before allowing them access to their networks.
As for the employees, they’re all adjusting to a very difficult situation. This would be hard even if it weren’t taking place in the midst of a pandemic. The bad guys know this, so they’re trying to leverage this confusion in order to gain access to resources they could otherwise not access—things that may have been caught by a simple helpdesk call.
Here at Quest, if someone gets an email they suspect might be a phishing attack, they can knock on my door. Now, we’re seeing tech-support attacks, in which someone gets access to a company’s email, sends notes to every one of their employees posing as a tech support person, and—BAM! They give away the store, whether it’s a wire transfer or database access.
Most companies aren’t prepared for something like this. They don’t have a workflow plan that allows their employees to access their database server safely. And now these folks can’t get to the data they need to perform their daily work functions. That’s what caught a lot of employers flat-footed. And without being able to facilitate secure interactions with their employees, they’re just scrambling.
All of this has opened a lot of companies’ security posture to a best guess approach, and that’s really frightening. There are companies that are going to go bankrupt over this.
For a lot of companies, one clear solution is to offload everything they can into a cloud architecture. That immediately alleviates many of the pains that they’re feeling today. For example, say the IT employee responsible for the company’s server can’t come to the office, but if everything is in the cloud they have a whole team to back them up. We’re finding that this is something tangible that businesses can do right away.
And for almost any company that has most of its people suddenly working from home, the easiest and best thing they can do is install virtual desktops on employees’ devices.
A virtual desktop is really just a visual display and keyboard input. There’s no actual interaction between the virtual desktop and the company’s servers. They don’t need any tricky software deployed; they don’t need a client loaded or managed on their PC or mobile devices. And if their PC or devices become infected, it can’t spread to the network.
We can install hundreds of desktops in a matter of hours. We’re able to extend that company’s security posture to that desktop. Now, while somebody’s accessing that remotely, none of the things they’re doing on their local PC or devices can hurt that virtual desktop.
Quest is a very large provider of virtual desktops and can handle large projects. If somebody came to me and said “Jon, I need 1,000 virtual desktops spun up today,” I can say, “Not a problem. Sign here.”
In my next blog post, I will share more information about security challenges presented by a remote workforce, and steps you can take to meet those challenges. Until then, don’t hesitate to contact me.
Thank you for trusting us to help with your cybersecurity and remote workforce needs.
Contact us any time—we’re always happy to help.