The holidays are bound to look different this year. One area that won’t be changing is the barrage of online shopping ads and impending cyberattacks. Unlike in previous years, every day is now Cyber Monday. According to Convey’s 4th Annual holiday survey, 39% of respondents will start holiday spending earlier, and 82% will do most of their shopping online.
Habits are changing, and people are more vulnerable than ever before. With the significant shift to work from home (WFH), many employees use personal devices to conduct work, utilizing their personal email accounts, unsecured networks, and leaving themselves susceptible to attacks. More than likely, this could lead to more cybercrime than ever before.
Last month the FBI issued a press release warning about scammers soliciting donations for groups and areas affected by COVID-19. One such example is an email claiming to be from the Department of Health asking for donations. Rather than the link leading to the ‘intended’ website, a malicious application or website opens. Similar messages might have malware disguised as Word document attachments. While individuals are the target of most of these attacks, because many employees use personal devices for business, the chances that an incident could affect the individual and the organization increases dramatically.
The holidays have always been a peak time for cloned websites, charity fraud, and mock order confirmations. It’s hard to imagine how it could get any worse, and yet, security experts expect the attacks will continue escalating. As this is the case, every MSP should be working diligently to educate their clients to be wary of these scams and offer them solutions to circumvent email attacks.
IT professionals must ensure their clients implement tight controls and utilize comprehensive precautions to lock down the environment. Education is also vital in guaranteeing that the staff understands what to look for, especially during the holiday season.
Revitalize Email Security
While many email services offer basic anti-spam and malware protection, they do not provide nearly enough defenses. Additional measures are necessary, such as implementing comprehensive email filtering that stops spam, viruses, and malware. For example, in Mailprotector’s CloudFilter, clients can build and customize policies to hold any message containing harmful or rule-violating content for review. Hacking doesn’t always start from the outside. This solution also filters outbound messages, so sensitive information such as trade secrets or financial data isn’t accidentally sent out.
Encryption is also critical to safeguarding corporate information. Your clients will not have to worry about whether their data is secure or not when they use distributed, multi-layer encryption when sending and receiving sensitive email messages. An excellent example is Mailprotector’s Bracket, which is not only ultra-secure but incredibly easy to use – all you need to do is wrap the email subject in brackets! Other features to ensure ultimate security include device fingerprinting, geolocation sign-ins, and one-time-use links.
Of course, this all means nothing if your client’s employees use their personal emails for business purposes and vice versa. For this reason, staff education is paramount.
Conduct Employee Awareness
It’s hard to blame people for something they don’t know or understand. Even the most advanced email security software cannot overcome team members’ negligence. Though regular phishing training might already be part of your repertoire, consider asking your training vendor about a holiday-focused educational session.
As always, charitable organizations will be making one last push before the end of the year. With COVID-19 relief messages among the mix, cybercriminals are sure to take advantage of people’s charitable interests. As many employees working from home, there must be a general understanding that personal and business emails are to be used for those specific purposes. Once this concept is understood, discuss the nitty-gritty.
Your customer’s employees will encounter many types of phishing scams, such as cybercriminals claiming to be charitable organizations, offering a fantastic deal from Amazon, or disguising a malicious link as a shipping confirmation site. In this season, and throughout the rest of the year, educate staff on the following:
- Never open links in an email, even if it seems to be from a legitimate source.
- Take advantage of the promotion by going to the site directly.
- If they receive a charity message, verify that they are authentic by searching for the website and reviews.
It always pays to do your homework.
Add Value During the Holidays
2020 has been a challenging year, and your clients may be feeling more vulnerable than ever. Ease their fears entering the holiday season with first-rate email security and educational sessions that will prepare their employees for the phishing schemes that will inevitably enter their inboxes.
Not only is this an excellent opportunity to build your stack and present your expertise, but it’s a sure way to foster more trust with your clients and prospects.