Phishing in the Remote Workplace

Rethinking Privacy Protection as Phishing Increases

Phishing scams are an old tactic gaining popularity among hackers as remote workplaces have given them new life, requiring employers to develop new approaches to privacy protection for their business and employees. Many companies are picking up a hybrid model, allowing for part in-office and part remote/work-from-home models. Some companies are even eliminating an in-person office altogether and going fully remote.

While these new work models are proving to be beneficial to employees’ job satisfaction as well as productivity, one thing is top of mind for business owners and IT departments: can you keep your business safe from online threats in this new paradigm?

In a recent survey IDX performed with BenefitsPro, when asking HR and business leaders about a possible rise of data breaches in a remote or hybrid work model, nearly three quarters stated they were concerned. On top of that, those same leaders saw phishing scams as the greatest data privacy concern facing their company, followed by poor password management and protecting their employees from fraud.

The rise of phishing scams create a threat to remote workers

An increase in phishing attacks

In December of 2021, there were a record number of phishing attacks reported, just over 315,000. This number has tripled since the beginning of 2020. As individuals spent more time at home and ultimately, more time on the Internet, scammers took the opportunity to hit individuals hard. Unfortunately, these attacks don’t just affect the individual. In the Verizon Data Breach Investigations Report (DBIR) 20212, 41% of businesses reported their breaches were caused by phishing.

An increase in the cost of phishing scams

Not only have the number of phishing scams increased in the last two years, but so have their impact on businesses. In 2021, phishing scams cost companies $14.8 million, almost triple from 2015. IBM reports that organizations with an incident response team and security threat plan do not see as high of a financial hit from breaches. When it comes to phishing, the cost it could have on a company could come down to mitigation practices and security policies.

An increase in phishing scam complexity

Hackers are becoming more sophisticated with the type of phishing scams they generate. Email is still a popular method, but social media, text messaging, and phone calls are also employed. Individuals will also go so far as to set-up fake accounts in order to impersonate individuals you may know. In business, these impersonators target prominent figures in a company that employees will be quick to respond to, such as CEOs or HR representatives.

While remote employees may utilize their own networks and their own devices for work, companies need to be aware of the increased threat phishing puts on the business and employee. Privacy protection is essential to help keep everyone safe.

Tips for mitigating the risk of breaches from phishing

Setting a Clear Security Policy

With remote work becoming the norm within businesses, now is the time to review security policies and ensure that they are in line with new work models. If a business is fully remote, those policies that were easy to implement from a secure office network will no longer apply. IDX’s CEO, Tom Kelly, states that a new social contract must be struck between employers and employees to help mitigate risk to both parties in the remote workplace.

Offer cybersecurity training

In a recent report from Knowbe4, they found that 88% of breaches involve a human element. Mitigating the risk of breaches is possible if businesses are proactive in providing cybersecurity training to their employees. Only 1 in 5 organizations offer training once per year, but in order to retain information, it must be thoroughly studied multiple times. Providing training once every few years is not enough, especially when the landscape of phishing scams in consistently changing.

Provide Tools for Security

There are two simple tools that can help protect your business and your employees from data breaches: VPNs and password managers. In the work from home environment, there is no guarantee that an employee’s network is safe. Using a VPN to access company software and platforms provides a layer of protection from a home network. A password manager will allow employees to use unique passwords for all systems without the fear of forgetting them.

Provide Protection for your Employees and Your Business

Beyond a password manager and VPN, businesses can also invest in Privacy Protection as an employee benefit to give extra security to employees. In IDX and BenefitPro’s survey, 90% of organizations were concerned about protecting their employees’ privacy and personal data.

Phishing scams are just one of the many threats facing individuals and their privacy. Enabling your employees with solutions that evolve as quickly as complex cybercrimes provides peace of mind for everyone. For a deeper look at the digital threats employees face, download our white paper on identity theft’s impacts on employees.

Partnering with a company like IDX, to provide privacy protection as a benefit is a great way to raise employee satisfaction as well as security as we move into hybrid and remote work models permanently.

For part 6 of the BenefitsPRO survey series, click here.