WFH Cyber Security Reminder

With the increased need for many to work from home starting last week, many organizations (including ours) have noticed an increase in cyber attacks and phishing emails sent to individuals on our teams. Amidst the global COVID-19 pandemic, unfortunately, we need to keep our wits about us and safeguard ourselves in more ways than one.

 

Over the last few days, I've received a few phishing emails sent from seemingly legitimate companies like Microsoft & Intuit that asked me to click and confirm my account because emails or transactions were not being sent or executed. Right away, I alerted my team to be aware of these emails, double-checked my accounts to ensure they had not been compromised, and deleted the suspicious emails.

Below are a few tips for you to share with your team and staff (working onsite or remotely):

  1. Phishing Emails – These always come with a link or "confirm" button. Hover over the link (but don't actually click it) to see whether the address it points to is where it is supposed to go. For example, the phishing email claiming to be from Microsoft pointed to a random address and not to anything that looked remotely like Microsoft. (Not 100% foolproof, but definitely a first line of defence.)

  2. Suspicious Attachments & Links – Do NOT click on links or open attachments unless the recipient is sure the information is from a reputable source.

  3. Fraudulent Funds Payment Requests – Beware of requests for money transfers or gift-card purchases coming from seemingly authentic manager emails. In these situations, train staff to double-check the email address carefully, as fraudsters will try to mimic the address as closely as possible with very minor differences. It is also best practice to have a strong control environment, where staff cannot wire money without an approval. It's also a good idea to confirm significant transactions over a certain dollar amount with a manager.

  4. General Awareness – If an employee suspects anything that seems out of the ordinary, they should go to the source directly or confirm the suspicion with a manager before taking action. Report the activity to the organization being impersonated, if applicable.

    Have you had any of the experiences mentioned above? Leave us a comment on how you and your team keep safe from cyber attacks.

Mirai Consulting