SecurityBrief New Zealand - Technology news for CISOs & cybersecurity decision-makers

Protecting remote staff from phishing attacks – WatchGuard

Has your business bid farewell to the old school way of working, which sees employees spending eight hours a day in the office, in favour of a flexible, work-from-anywhere set-up?

While organisations which embrace the latter model can enjoy benefits aplenty, ensuring off-site employees don't fall victim to phishing attacks – and lay the enterprise open to compromise and economic loss in the process – should be a key priority for Australian businesses.

Going with the mobile flow

The number of Australians choosing to work away from the office for some or all of the week continues to climb.

In 2016, Australian Bureau of Statistics figures suggested a third of Australian workers were ‘on the tools’ at home on a regular basis.

More recent research from the International Workplace Group (IWG) suggests that number has risen significantly in the intervening three years.

Close to 50% of Australian employees worked remotely for at least half the time, according to a 2018 survey by IWG.

Two-thirds of survey respondents spent at least a day away from the office every week.

Such arrangements can represent a win-win for both parties.

Being able to achieve a modicum of work/life balance, courtesy of being able to set their own hours and fit personal commitments into the working week, is a boon for many employees.

Businesses, meanwhile, can reap the benefits that flow from a happier and more contented workforce – typically improved productivity and lower staff churn.

Gone phishin'

Making sure employees working remotely don't become a weak link in the security chain has become a significant challenge for IT departments and security professionals.

Latest figures from Australia's privacy watchdog, the Office of the Australian Information Commissioner (OAIC), show there's plenty to be nervous about.

In the first quarter of 2019, the OAIC received 215 notifications of significant data breaches, 61% of them the result of malicious or criminal attacks.

Of these 131 breaches, two-thirds involved cyber-incidents, such as phishing, malware and ransomware.

Meanwhile, phishing and whaling attacks have become considerably more sophisticated than once they were.

Gone are the days of crudely recreated logos and poorly written exhortations to send money or take urgent action to prevent impending legal proceedings.

In their place are personalised and credible messages which can tempt even the cyber-savviest of recipients to respond as directed.

Ensuring employees aren't suckered into doing so – or at least reducing the likelihood of its happening – calls for a concerted strategy.

Deploying a simple, low-touch solution to protect workers and the enterprise, regardless of location, device and circumstance, should be a critical component of that strategy.

Such technology is a must-have for any business that's serious about protecting itself from the economic, reputational and legal fall-out that can follow a data breach or system compromise.

For some organisations, that will necessitate decommissioning legacy technology which focuses on protecting the perimeter in favour of a new generation alternative which recognises that, in a mobile working environment, the perimeter no longer exists in anything approximating its traditional form.

Taking a long-term view

But technology, however powerful, is not a complete solution.

Prevention is better than cure, as the old adage has it, and when it comes to phishing attacks, education is one of the best forms of prevention there is.

Not just in the form of awareness training as part of the induction process, reinforced with annual or semi-annual refresher sessions, but in-the-moment education, delivered via email alert, immediately a potential breach has been averted.

The power of these ‘teachable moments’ should not be underestimated.

They can be instrumental in upping employees' cyber-security awareness and reducing the chances of their being sucked in by a plausible phishing scam on a subsequent occasion.

Time to start taking care of (mobile) business

Remote working is fast becoming the norm and Australian businesses which don't offer their employees the option of doing so where practicable, for some or all of their hours on the job, will soon find themselves outliers.

Being cognizant of the threat phishing and whaling attacks pose, and taking steps to ensure employees, both on and off site, don't fall victim makes sense for companies which want to enjoy the benefits of flexible working, without endangering the enterprise in the process.
