Looking after your digital well-being is important when you return to work after the holidays or move to a hybrid office model, as these transitions increase the attack surface for cybercriminals waiting for people who are not vigilant enough.
Among the worrying security habits and risks is that people do not have security hygiene top of mind, which means there are even more vulnerabilities for companies and employees to worry about, says Anna Collard, SVP for content strategy and evangelist at KnowBe4 Africa.
“It is important to prioritise employee security awareness and digital well-being as much as their physical and mental health and well-being when they return to work. HR is mandated to be aware of people being tired, overwhelmed and too anxious to ensure they get the support they need, but this needs to extend into security.”
Collard says tired and overwhelmed employees are also easier targets, and distracted people even more so, as they are not as rigorous with their security behaviours as they should be.
Virtual meetings and your digital well-being
“One area where the post-holiday brain may very well cause a breach in the company lies in the virtual meeting. Suddenly, there are a ton of meetings flooding into your inbox. Zoom on Tuesday, Teams on Wednesday, six more on Friday. The problem is, some of these invitations may actually be a form of social engineering – fake meetings designed to look like the real thing but engineered to capture critical information or perpetrate a nasty hack.”
In September 2022, several vulnerabilities were found in Zoom, including ones that allowed a remote hacker to join a meeting and download files, while in May 2022 users were tricked into downloading a more vulnerable version of Zoom, which made it easier for cybercriminals to gain access.
She says Microsoft Teams experienced a significant rise in phishing and malware attacks in 2022 and it is unlikely to escape unscathed in 2023.
“Both these platforms have such high volumes of users and use cases that they present a very juicy target and all it takes is for one person to make a mistake and the hackers are in.”
Collard warns there are several areas of risk when it comes to meetings online.
“The first is clicking on a fake link. People are so used to seeing these meeting invites, they tend to click on them without thinking. This risk is increased by the fact that companies often work with third-party service providers or freelancers who send in their own meeting requests, which makes it harder to detect which meeting requests are real and which ones could be fake.”
She says this really underscores the need for ongoing cybersecurity training and awareness, and for approved lists of providers so that only their meeting requests are accepted.
Your digital well-being across multiple platforms
Another issue is that people are now back to working across multiple platforms, sites and devices and are juggling multiple passwords, multi-factor authentication (MFA) processes and time constraints.
“It is easy to slip up when you are overwhelmed by work and out of practice. Even MFA has become a minefield, with hackers finding innovative ways of getting people to enter their codes into fake systems or share them over the phone.”
Collard warns that cybercriminals and their attacks are getting smarter by the click.
“Threats are increasing and vulnerabilities will always be a problem. Therefore, now is the time to remind users about being vigilant so that the new year is not marked by a new hack. Start 2023 with training and awareness that reinforces the messaging and reminds people how to detect and avoid the threats.”