Remote and hybrid workers an easy target for scammers

New research has revealed that remote and hybrid workers are especially susceptible to scams.

A recent study by GetApp revealed that a shocking 85 per cent of remote and hybrid employees have been the victim of a phishing attack on at least one occasion. Another 67 per cent have been stung more than once.

Andrew Blair, content analyst at GetApp Australia, believes that a lack of security measures in remote-working environments is contributing to these statistics.

“Companies that have transitioned to fully remote or hybrid working models in previous years should reflect on what best supports their employees and technology’s role,” explained Mr Blair.

“In particular, technology aimed to boost productivity and security while simultaneously fulfilling the needs of location-specific remote and hybrid working employees.”

This has prompted the need for more security in remote and hybrid working situations. The most popular methods for these attacks, according to the respondents, were:

1. Impersonating a company (48 per cent)
2. An award prize (48 per cent)
3. Impersonating a government agency (20 per cent)
4. COVID-19 alerts (17 per cent)

There are a few ways that employees are responding to these attacks, with the most popular being:

1. Setting up two-factor authentication (38 per cent)
2. Installing antivirus software (34 per cent)
3. Regularly changing Wi-Fi passwords (18 per cent)
4. Choosing not to use desktop files (12 per cent)

Alarmingly, just 25 per cent of respondents said they regularly receive cyber security training. With three-quarters not, employers may be able to tackle these issues by keeping employees up to date with security awareness.

Remote and hybrid working can leave employers with a “set-and-forget” mindset to checking up on their workforce. This can allow problems to persist. With GetApp’s report finding that 82 per cent of people prefer remote working, it’s important to provide cyber security training for those working from home.

Simply changing passwords can make a difference. However, the study found that 26 per cent of remote or hybrid workers who have been targeted by phishing attacks keep their password the same afterwards. Similarly, only a quarter said they have installed email security software to protect their home working set-up.

There are a few ways that employers and individuals can help identify and prevent these issues. According to GetApp, if an incident occurs, the next steps should be:

1. Identify the breach: Record when the breach was discovered, the type of personal information involved, and the cause and extent of the breach.
2. Contain the breach: Assess the seriousness of the breach and act immediately. This can include contacting recipients to ask them to delete the email and change their passwords.
3. Assess the risks of individuals associated with the breach: Collect information about the breach and assess if further action is required, such as advising your systems administrator.
4. Consider a breach notification: Decide whether to escalate to a response team to conduct an initial investigation and notify the Australian Cyber Security Centre (ACSC), depending on the extent of the breach.
5. Review the incident: Follow up with a full investigation to prevent future breaches.