With the arrival of tax season and the deepening crisis between Russia and Ukraine, organizations should be on alert to increased cybersecurity threats aimed at stealing data and money. The best defense is a multi-layered information security/risk management program that includes ongoing training to help employees recognize and prevent malicious phishing attacks aimed at breaching your network.
Phishing is a cybercrime that uses different techniques to lure targets into sharing personal or confidential information or downloading malicious software via emails, text messages, phone calls and social media.
Just a few months into 2022, two new phishing threats have emerged that organizations should pay attention to:
- The Internal Revenue Service (IRS) cautions that criminals impersonating its agents are emailing, texting and calling individuals in an attempt to steal their identities and tax refunds.
- The Federal Bureau of Investigation (FBI) is warning US businesses and local governments to prepare for potential ransomware attacks by Russia during its confrontation with Ukraine.
These recent events are evidence that cybercriminals are always devising new schemes to take advantage of busy or distracted employees. According to Check Point Research, businesses witnessed 50% more cyberattacks per week in 2021 compared to 2020, and it predicts the number, intensity and variety of cyberattacks will again increase in 2022.
5 steps organizations can immediately take to minimize the risk of phishing attacks:
1. Select strong passwords and don’t reuse passwords across systems
Passwords are essential to email security. A strong password should contain upper and lower case letters, numbers and special characters, and avoid information that someone could easily guess, such as phone numbers, birth dates and children’s or pet names. Also, don’t use the same password for multiple accounts, as this allows attackers to access an individual’s accounts across various systems by compromising a single credential.
2. Implement two-factor authentication
Multi-factor authentication creates another level of email security beyond your password. After signing in with a password, two-way authentication requires employees to enter a code sent to their cell phone via text message. This extra layer of protection prevents cybercriminals from accessing an organization’s network even if they manage to correctly guess an employee’s password.
3. Never use company email for personal reasons
Restrict company email to business activities. Using company email to shop online, sign up for subscription services or email friends increased exposure to cybercriminals.
4. Always use a VPN for security
When using public or home wireless networks, use a virtual private network (VPN) solution to keep communications safe and private. This prevents attackers from hacking your data on unsecured Wi-Fi networks offered in coffee shops, airports, shopping malls and other public gathering locations.
5. Be careful what you click on
Be wary of emails from unknown senders that ask you to open attachments. Also, be suspicious of emails using online advertisements or pop-ups to get you to click on a valid-looking link that then installs malware on their computer. And limit browsing activity to reputable websites.
Organizations should take steps to alert employees about new and ongoing information security risks, including phishing scams related to tax season and the Russia-Ukraine conflict. The best prevention is ongoing cybersecurity and data privacy training that raises employee awareness about how to keep confidential and sensitive information safe from potential threats.
Access a free trial of our Recognizing and Preventing Phishing Attacks course: