Looking after your digital health when returning to work after a holiday or when moving to a hybrid office model is important, as this increases the attack surface for cybercriminals waiting for the unwary.
These worrisome habits and security risks include the fact that people do not have the highest security hygiene, which means there is more vulnerability for companies and employees, said Anna Collard, SVP for content strategy and evangelist at KnowBe4 Africa.
“It is important to prioritize employee security awareness and digital well-being as much as physical and mental health and well-being when returning to work. HR is obliged to understand that people are tired, overwhelmed and very worried to ensure that they get the support they need, but this must be added to security.
Collard says that tired and overwhelmed employees are also easier targets and easier to bully people, because they don’t work hard on the safety behaviors they should be practicing.
READ ALSO: Nine cybersecurity predictions for 2023 that will keep business owners up at night
Virtual meetings and your digital well-being
“One area where the post-holiday brain may be causing a breach in the company is in virtual meetings. Suddenly, there are a lot of meetings coming into the inbox. Zoom on Tuesday, Team on Wednesday, six more on Friday. The problem is, some of the invitations it can also be a form of social engineering – a fake meeting designed to look like the real thing but designed to get critical information or perform a malicious hack.
In September 2022, several vulnerabilities were discovered in Zoom, such as allowing remote hackers to join meetings and download files, while in May 2022, users were tricked into downloading a more vulnerable version of Zoom, which made it easier for cybercriminals to obtain. access.
He said Microsoft Teams experienced significant phishing and malware attacks in 2022 and is unlikely to escape unscathed in 2023.
“Both platforms have huge user volumes and use cases that provide excellent targeting and all it takes is one wrong person and a hacker gets in.”
Collard warns there are some areas of risk when meeting online.
“The first is to click on a fake link. People are used to seeing these meeting invitations, so they tend to click without thinking. This risk is increased by the fact that companies often work with third-party service providers or freelancers who send meeting requests themselves, which makes it more difficult to detect requests real and fake meetings.
He said this really underscores the need for ongoing cybersecurity training and awareness and to have a list of approved providers so that only meeting requests are accepted.
READ ALSO: Cyber attacks: Negligence, poor systems make South Africa a cyber crime haven
Your digital well-being across multiple platforms
Another problem is that people are now returning to multiple platforms, sites and devices and juggling multiple passwords, multi-factor authentication (MFA) processes and time limits.
“It’s easy to get tired if you’re overwhelmed with work and no training. Even an MFA has become a minefield with hackers finding innovative ways to get people to enter codes into fake systems or share them over the phone.
Collard warns that cybercriminals and their attacks are getting smarter by the click.
“Threats are increasing and vulnerabilities will become a problem. Therefore, now is the time to remind users to be vigilant so that the new year is not marked by new hacks. Start 2023 with training and awareness that strengthens messaging and reminds people how to detect and avoid these threats.