Working from home: tell staff about phishing & data leakage [template e-mails included]


It comes as no surprise to us, as security professionals, that hackers have been exploiting the COVID-19 situation in a series of Corona-themed scams – take this recent message from Interpol, for example.

With the progressive (or not) implementation of lockdown-like restrictions across the world, companies are turning to remote working to ensure business continuity. This exposes staff to phishing and social engineering attacks that leverage their limited contact with colleagues and the unusual context in which they operate. Staff are also likely to bypass some of the usual security measures to keep working.

This is why we’ve been rolling out a short and simple communication to all clients where we operate as CISO-as-a-Service, composed of two emails – which we’ve included below in English:

  • Mail 1 – Focus on phishing risks
  • Mail 2 – Focus on data leakage

Obviously, these emails need some tailoring and are not exhaustive, but they’re a useful reminder in our opinion. So, we thought we’d share. They’re below.

Interested in the French or Dutch version? Just contact us.


Mail 1 – Phishing

Dear colleague,

The COVID-19 crisis is imposing a different way of working for our company. Unfortunately, cybercriminals are already abusing this situation: they try to take advantage of the increase in employees working from home, without contact with their colleagues. Here is some advice.

Phishing remains a hacker’s favourite.

  • Beware of suspicious messages, e.g. referring to confidential or urgent operations
  • Remember: hackers also use SMS, WhatsApp, etc.
  • If the message contains links, verify them before you click
  • If the message contains an attachment, verify the validity of the message before opening it (sender, content)
  • An emergency related to Corona? Careful, this could be a scam
  • If you get any request you find suspicious or unusual, try to verify the identity of the sender through a different channel (e.g. phone) or discuss with another colleague

Sharing is caring

If you notice something suspicious or you think something went wrong, please notify your security department or IT operations to help limit the impact. It is sometimes a matter of hours between a failed attack and a successful attack: your help is crucial.

Let’s all work towards staying safe in cyberspace too.

Your Security Officer
<e-mail>
<intranet site>

Some useful resources:
– Take the Phishing test: https://www.safeonweb.be/index.php/en/take-phishing-test
– Spotting dangerous links / URLs: https://www.ing.be/en/business/my-business/secure-business/how-to-read-a-url
– Examples of COVID-19 scams: https://www.interpol.int/News-and-Events/News/2020/INTERPOL-warns-of-financial-fraud-linked-to-COVID-19


Mail 2 – Data Leakage

Dear colleague,

The COVID-19 crisis is imposing a different way of working for our company. Unfortunately, cybercriminals are already abusing this situation and are hunting for our mistakes in these troubled times. Here is some advice.

Our security keeps hackers away: use it.

  • Use only your company laptop. Don’t work from your home computer unless approved by the company: it is not protected in the same way.
  • Use only corporate file sharing solutions. Don’t send corporate data from Dropbox, WeTransfer, etc. or your personal e-mail address: these have not been secured by our IT team.
  • Advanced tip: check that your Windows operating system and anti-virus are up to date.
  • In case of doubt or issue, contact IT.

Sharing is caring

If you notice something suspicious or you think something went wrong, please notify your security department or IT operations to help limit the impact. It is sometimes a matter of hours between a failed attack and a successful attack: your help is crucial.

Let’s all work towards staying safe in cyberspace too.

Your Security Officer
<e-mail>
<intranet site>

NB: Guidance on the use of our corporate file sharing solution can be found <insert here>
