We've been very active in ensuring our employees and systems are kept safe during these unprecedented times. Working from home introduces additional risks that need to be addressed.
Graeme Penwarden, CISO at Premium Credit, explains that one of the primary threats faced by all organisations is the increase in COVID-19 related phishing attacks. These scams have the potential to compromise end user systems and could ultimately lead to wider system availability issues, as well as data leakage. To combat this, we have been continually updating and testing our security controls to ensure that our staff and systems remain safe. Some of these initiatives include:
- Phishing Awareness - Regular bulletins to all staff highlighting the risks of Phishing and what to look out for
- Phishing Simulations - Running regular simulations to measure staff susceptibility to phishing attacks. Any staff that fall below the expected levels are given more detailed training on what to look out for
- Enhanced Web Browsing Security - Controls around what staff can access through their web browsers have been tightened during the 'Work from Home' environment.
- Cyber Intelligence - We have increased our consumption of threat intelligence data to provide early warning of any potential risks to our environment
- Cyber Security Operations Centre - The 24 x 7 monitoring of our security, during COVID-19 and home working. Particular focus is on user behaviour and usage anomalies.
- Endpoint Next Generation Anti-Malware - We use an advanced anti-malware product to protect users and devices from attacks.
The National Cyber Security Centre (NCSC) have seen multiple scams and cyber threats and issued a warning that criminals are looking to exploit the spread of coronavirus to conduct cyber-attacks and hacking campaigns. For more information about protecting oneself against phishing, click here.