5 Ways to Prevent Phishing from Ruining Your Summer Vacation

By Carla Roncato, Vice President of Identity at WatchGuard

Sunburn isn’t the only thing you need protection from this summer. The U.S. Federal Cybersecurity and Infrastructure Security Agency (CISA), warns that the risk of being hit by cyberattacks rises over holidays and weekends. During the summer months, when employees and customers are away on vacation, things usually slow down for businesses, but not for cybercriminals; they are busy taking advantage of minimal staffing levels in companies during the vacation period to launch complex attacks. Today I’ll be discussing five ways to keep your company and employees safe and educated against phishing attacks and prevent them from ruining your summer vacation. 

  1. Provide security training for your employees before the vacation: Schedule courses to refresh or update your organization’s security policies so they are familiar with the best cybersecurity practices when they are out of the office. In addition, 55% of employees admit to relying exclusively on their mobile devices while working from vacation destinations during their days off. In addition to phishing, they are exposed to another risk, smishing (or SMS phishing), which means it’s particularly important to establish safe mobile working practices. 
  2. Make sure employees know how to recognize phishing attempts: In addition to impersonating HR, cybercriminals can impersonate someone outside the office. If attackers have gained access to someone’s calendar or email account, they will know when that person is on vacation and can impersonate them by sending messages to other employees with the aim of gaining privileged access to the system or extorting money. It is important to check the recipient of emails carefully – look for wording that looks strange and verify communications with the person sending the message to make sure it is not a hoax.  
  3. Draw up contingency plans: Develop plans that serve as a guide so that your organization can react quickly and efficiently, limiting the impacts and scope of an attack. These plans should include a breakdown of who should be involved and their responsibilities, outlining scenarios according to team member’s vacations.  
  4. Implement multi-factor authentication (MFA): Deploying an MFA solution can prevent attackers from entering your organization’s network if one of your staff members has been the victim of a successful phishing attack. In addition, solutions that take into account the DNA of the mobile device can prevent attackers who attempt to clone a user’s device from gaining access to the system, as the DNA of the device would not match. 
  5. Use endpoint security: Having an advanced detection and response solution in place, capable of continuously monitoring endpoints and enabling automated blocking of anomalous user, machine and process behavior ensures that network devices are protected in the event of a cybercriminal gaining access to the company’s system as a result of a successful phishing attack.  

Vacation travel-focused phishing campaigns are continuing to evolve with new versions of business email compromise attacks (BEC). For example, recently, the Phishing Defense Center (PDC) published a report that highlights a new campaign in which attackers impersonate a company’s Human Resources department, sending misleading emails to unsuspecting employees to open a link that mimics vacation submission requests. However, when they open the phishing page, it asks them to provide their username and password, thus obtaining their credentials. It’s just one example of the ever-changing tactics that attackers employ.

By taking the above five practices into account and implementing the appropriate technology, businesses can rest easier over the summer and employees can enjoy their vacations, safe in the knowledge that they are protected against phishing.

Carla Roncato is WatchGuard’s Vice President of Identity. She is an industry expert in identity management, access management, open identity standards, data security, privacy, and zero-trust initiatives.

Carla has expertise in cloud, software, hardware, and services and previously worked at organizations such as Cognizant, Intel, McAfee, Microsoft, Teradata and the OpenID Foundation, where she is an evangelist for open identity standards. She has been featured in the Wall Street Journal, SC Magazine, TechTarget, and Biometric Update media publications.

Follow Brilliance Security Magazine on Twitter and LinkedIn to ensure you receive alerts for the most up-to-date security and cybersecurity news and information.