Ensure that team members who travel are using MFA and VPNs
Hackers will pose as the CEO when the boss is away.
Additionally, because so many people post selfies and location data on social media, fraudsters can choose the right moments to play bossfake.
When it’s simpler than ever to locate the OOO executive, IT professionals must have verification procedures in place to demonstrate that the boss who is drinking a margarita on a beach and asking for crucial information is, in fact, the boss who is sipping a margarita on a beach and asking for crucial information.
Executives speaking on emerging security trends say to “always assume bad guys will know if somebody is on travel.”
These executives point to Harry Houdini, who gave his wife a secret codeword so that anyone claiming to have been in touch with the escape artist in the afterlife would have the credentials to back up their claims.
An agreed-upon spoken code can help a business get out of a fraud situation and verify the connection, whether an executive texts for a wire transfer or a CFO emails for a sales presentation.
The travel checklist familiar to IT professionals can and should now include a spoken password:
- Avoid free Wi-Fi and use a VPN to encrypt your traffic.
- Implement multi-factor authentication (MFA) to safeguard against any compromised credentials.
- Keep your devices nearby. While giving an interview from the airport, Doug Saylors, partner at the consulting firm ISC, noticed an abandoned device and said, “Like literally across from me, there’s a laptop on a table.”
MFA safeguards access to a lost laptop and VPNs can thwart man-in-the-middle attacks, but organizations still lost $2.4 billion to corporate email intrusion.
In a business email compromise (BEC) fraud, the request looks legitimate, whether a vendor is sending an invoice or a CEO is asking an assistant to buy gift cards for staff awards.
A “CEO fraud” ring that impersonated executives and asked the accounting department for last-minute wire modifications was busted by Europol in February.
If a fraud group is aware that the boss is away, an attacker might create a false sense of urgency. A phishing SMS or email sent to a CFO might read, “Hey, we have to turn this money over to a vendor by midnight.”
Hou-dun-it? According to the chief experience officer of Sectigo, employees in dubious situations should start the dialogue themselves, not click any links, and go “out-of-band,” beyond the initial communication.
“When someone claiming to be someone you know and trust asks you for money or sensitive information, but the situation seems unique and irregular… The red flags should rise, particularly when they convey a sense of urgency.”
Even calling the boss may not be a sufficient guarantee. A late 2022 VMware analysis found that respondents experienced a 13% increase in malicious deepfakes, of which slightly less than half were audio-based.
Encourage staff to phone the boss, email, Slack, or do the Houdini.
Assume that executives’ vacation plans are known, and prepare a plan of action to handle it just in case.
Looking to discuss VPNs and remote working? Contact the professional IT specialists at ETV Software, Inc. at 903-531-0377.