Just under half of the office workers are less likely to uphold safe data practices whilst working from home as it emerges that the majority of brand impersonation attacks have used Google to mask their phishing scams.
This is according to Tessian who builds technology to empower people to work safely, report ‘the state of data loss prevention’ which found that 48 per cent of office turned remote workers are now more likely to use unsafe data practices when working remotely. As well as 52 per cent admitting they feel like they can get away with riskier behaviour whilst working from home.
The main reasons for not following the usual safety protocols were not working on their usual devices (50 per cent) and not being watched by IT (48 per cent).
To add to the matter, 84 per cent of global IT leaders say that data loss prevention is harder to deal with when a workforce is remote working.
Separate research from Barracuda Networks, a company providing security, networking and storage products based on network appliances and cloud services, found that 65,000 out of the 100,000 form-based attacks that the company detected between January and April 2020 have used Google-branded impersonated attacks. The Google brands that were used were split up between storage.googleapis.com (25 per cent), docs.google.com (23 per cent), storage.cloud.google.com (13 per cent), and drive.google.com (4 per cent).
In comparison, Microsoft brands have only been targetted for 13 per cent of form-based attacks.
Tim Sadler, CEO at Tessian said:
The Covid-19 crisis has triggered a tidal wave of challenges for businesses. Whilst they adapted fast to the abrupt shift towards remote working, the challenge businesses now face is keeping data secure from risky employee behaviour as working from home becomes the norm.
Our research shows that people will cut corners on security best practices when working remotely and find workarounds if security policies disrupt their productivity in these new working conditions. But, all it takes is one misdirected email, incorrectly stored data file, or weak password, before a business faces a severe data breach that results in the wrath of regulations and financial turmoil. During this time, protecting people has to be all businesses’ top priority. IT decision makers, therefore, must establish clear guidelines on security best practices, enabling all staff to work efficiently and safely when away from the office.
Steve Peake, UK systems engineer manager, at Barracuda Networks said:
Brand-impersonation spear phishing attacks have always been a popular and successful method of harvesting a user’s login credentials, and with more people than ever working from home, it’s no surprise that cyber criminals are taking the opportunity to flood people’s inboxes with these scams. The sophistication of these attacks has accelerated in recent times: now, hackers can even create an online phishing form or page using the guise of legitimate services, such as forms.office.com, to trick unsuspecting users.
Fortunately, there are ways to protect oneself against these cyber, such as implementing multi-factor authentication steps on all log-in pages so that hackers will require more than just a password to gain access to your data. Other, more sophisticated methods of cyber protection include using email security software, such as API based inbox defence, which uses artificial intelligence to detect and block attacks.
In May, HRreview reported that according to Wire, a secure collaboration platform, 83 per cent of UK business decision-makers do not see security as a priority when it comes to remote working, which may possibly leave them vulnerable to hackers.
Tessian gathered these results by conducting a global survey of 2,000 office workers and 250 IT decision-makers in the UK and the US.