“Experts are emphasizing the need for U.S. companies to take a variety of steps to tamp down security risks that arise from employees suddenly working from home en masse.” (The Street)
When masses are working from home
With the outbreak of the coronavirus forcing organizations to adopt a work from home (WFH) paradigm, it has become all too clear that there is a great need to learn how to best adapt to and accommodate this abrupt change, especially when it comes to productivity and security.
For many of us, transitioning to a remote framework represents a major adjustment. For fraudsters, on the other hand, this represents a major opportunity.
This is because working from home means using collaboration tools such as Zoom, Google Hangouts, and others, replacing face-to-face meetings. The implication is that activities that are typically tightly coupled have now become de-coupled, and highly integrated business processes have become disintegrated. Disintegration yields ‘cracks’ in processes and workflows.
For example, if you need to reach out to a vendor at their headquarters, the call will go unanswered. Everyone is at home. If you need to verify some items with a business partner, you will likely face the same situation.
These ‘cracks’ that come about when masses of people are working from home present a challenge for most. However, as noted earlier, they also present an opportunity for cyberfraudsters.
The WFH paradigm has led to an increase in employees being targeted by cyberfraudsters through social engineering tactics including business email compromise (BEC), caller ID spoofing, and deep-fake voice cloning calls.
WFH is not just about business continuity
“Telecommuters greatly increase the chances of account takeovers, data breaches and data leaks.” (bizjournals.com)
We can see evidence of this in a recent COVID-19-themed BEC attack.
Earlier this month, the Agari Cyber Intelligence Division (ACID) announced the case of the cybercriminal group Ancient Tortoise, which sent out emails, noting:
“Due to the news of the Corona-virus disease (COVID-19) we are changing banks and sending payments directly to our factory for payments, so please let me know total payment ready to be made so i can forward you our updated payment information.”
Unfortunately, these scams work. And worse, this is just the tip of the iceberg.
How to keep corporate payments safe when working from home
So, what can we do to combat these nefarious attempts? How can we secure disintegrated processes and prevent payments fraud?
Here are some steps I would recommend every organization take:
Identify potentially vulnerable actions and processes that are affected by WFH, such as updating vendor bank account details or performing wire transfers.
Implement a zero-trust policy, using out-of-band verification for these actions and processes: this means that WFH employees should verify every bank account change request. Ideally, such validations should not rely on reaching out to the vendor. Rather, employees should utilize out-of-band verification methods that match bank account ownership details against information that is provided by trusted, secured, third-party data repositories.
Don’t rush: during the period that employees are working from home, consider enforcing a longer-than-usual delay policy for payments to new/updated bank accounts (e.g. seven days, 14 days, or 30 days), and leverage technology-enabled measures for enforcement (i.e. scanning payment files).
Less is more: limit the number of employees that can perform sensitive operations or access sensitive data. This is the time to get centralized. If you have remote subsidiaries, consider temporarily limiting their privileges.
Train and educate finance and procurement personnel to be aware of and be able to identify spoofed emails and phone calls, with special attention on training personnel who are the most likely to be targeted.
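The delay policy and payment-file scanning described in the steps above can be sketched as a pre-release check. This is an added example, not nsKnox code: the vendor master layout, CSV columns, reason codes and all sample records are constructed assumptions.

```python
import csv
import io
from datetime import date

# Constructed vendor master: account on file, date it last changed, and
# whether that change passed out-of-band verification.
VENDOR_MASTER = {
    "V001": {"account": "ACCT-0001", "changed": date(2019, 6, 1), "verified": True},
    "V002": {"account": "ACCT-0002", "changed": date(2020, 3, 25), "verified": True},
    "V003": {"account": "ACCT-0003", "changed": date(2018, 2, 9), "verified": True},
    "V005": {"account": "ACCT-0005", "changed": date(2020, 1, 10), "verified": False},
}

# Constructed payment file, as it might be exported before release to the bank.
PAYMENT_FILE = """vendor_id,account,amount
V001,ACCT-0001,1200.00
V002,ACCT-0002,5400.00
V003,ACCT-9999,880.00
V004,ACCT-0004,310.00
V005,ACCT-0005,76000.00
"""

def scan_payment_file(payment_csv, vendor_master, today, hold_days=14):
    """Return (vendor_id, reason) for every payment that must not be released."""
    held = []
    for row in csv.DictReader(io.StringIO(payment_csv)):
        vendor = vendor_master.get(row["vendor_id"])
        if vendor is None:
            reason = "UNKNOWN_VENDOR"
        elif row["account"].strip() != vendor["account"]:
            # Destination differs from the record: treat as an unapproved change.
            reason = "ACCOUNT_MISMATCH"
        elif not vendor["verified"]:
            reason = "UNVERIFIED_CHANGE"
        elif (today - vendor["changed"]).days < hold_days:
            reason = "IN_HOLD_PERIOD"
        else:
            continue
        held.append((row["vendor_id"], reason))
    return held

if __name__ == "__main__":
    for vendor_id, reason in scan_payment_file(PAYMENT_FILE, VENDOR_MASTER, date(2020, 4, 1)):
        print(f"HOLD {vendor_id}: {reason}")
```

A payment is released only when the destination matches the record, the last change was verified out of band, and the hold period has fully elapsed.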
Additional infrastructure changes
Protect communication lines by mandating a VPN-driven connection to all corporate communication and network systems and assets.
Protect system access with multi-factor authentication during login or prior to initiating actions associated with potential vulnerabilities.
Enhance email systems to identify emails sent from spoofed domains and to prevent social engineering attacks that are attempted from look-alike domains.
Isolate confidential resources: some (e.g. remote desktop access) should never be accessed over a public WiFi connection, while others, such as confidential documents, should be isolated from the network altogether.
nsKnox for long-term payment protection
nsKnox is here to help with your long-term payment protection needs. Our solutions protect organizations and banks against cyberfraud carried out by insiders and outsiders, by detecting and preventing finance and operational infrastructure attacks, social engineering, business email compromise (BEC) and other advanced persistent fraud attacks.