This is it, this is your first major warning, don't dismiss this message as just another mass-marketing exercise because it's not that, not even close. I'm pissed off and I've got something very important to say so please, for the sake of your business listen up and tell everyone you know.
There are people in this world who are taking advantage of the COVID19 situation and they will target you, by the time you read this they have probably already tried and they will keep on trying. Right at a time when the world can least afford it there are internet scammers trying to infiltrate your business and your data right now. In this new world that we are all just beginning to discover a large proportion of the workforce is finding itself working from the safety of their own homes. While social isolation and working from home is surely a great tool in the battle against the COVID19 Coronavirus it can be devastating to the digital security of your business.
Now is the time to remind all of your employees, colleagues, family, neighbours, friends and anybody else who will listen that you are extremely vulnerable to email-based scams, far more so than you ever have been in the past. With the massive rise in working from home comes a proportionately massive increase to your digital security. We, as the I.T. professionals who manage your business I.T systems, in a corporate network we have many methods and tools to help keep your networks and your data secure, we use those tools every day and not a day goes by without us detecting and preventing some kind or other of digital attack against our clients' systems.
In this brave new world of rapidly deployed work-from-home solutions we find ourselves battling with brand new domestic network environments that were never designed with security in mind. Even though all of our work-from-home solutions have a strong focus on security we cannot completely overcome the digital security inadequacies we are faced with in domestic computer networks. This means that that you, the computer operator must play an even greater role in protecting the digital security of your business.
Some of you reading this might be thinking:
It doesn't really matter to us, we could lose all of our data and still be alright.
But you'd be wrong....
Last year one of our real-estate clients lost around $70,000 all because someone within that company was suckered in to believing an email that convinced them that it was legitimate. That person followed a link in the scam email and unwittingly provided the scammers with their email username and password. The scammers used this information to modify the bank account details contained within a legitimate email with the end result of the real estate business transferring a large sum of money to the scammers thinking that they were paying a legitimate bill, they weren't and they lost the lot. Exactly the same thing happened to another customer selling wholesale consumer goods, they lost over $100,000 via an almost identical scam. All it takes is one lapse in concentration by one person to bring down an entire organisation.
Now that so many of us are working from home there have been many changes to the way we work from day to day. Technology is being leveraged to enable the new remote workforce but this brings many changes to our day to day work lives. As an example, many of you are seeing voicemails delivered to your email inbox for the very first time. Take this email I received today-
It is easy to believe that this could be legitimate but it is not. The moment I click on that "Listen to Full Audio Message" link I'm going to be asked to provide my Office 365 username and password. If I do that the scammers get what they are after - a way in to my email data and beyond.
We have been gradually rolling out Multi-Factor Authentication (MFA) for all of our MSP clients to reduce the risk of an attack such as the one above from being successful but it is going to take time, we can't do it overnight and now with the massive workload COVID19 is creating that process will become even slower.
When we talk to our customers about setting up MFA some decide not to proceed because "It's just a bit too difficult right now, maybe later." When the time comes and we approach you about setting up MFA don't be one of those people, take the time to understand why this is so important and put the energy and focus in to it that it so deserves.
It is up to you to practice constant vigilance and encourage your employees, colleagues, family, neighbours, friends and anybody else who will listen do to the same. This advice has not changed since the dawn of the internet-
Never, ever give your password to anybody or any web site that you do not implicitly trust. If you are not sure, call our help desk and ask.
It's such a simple rule but so many people keep breaking it. Don't be one of those people.