Execs, just when you thought your work from home program was finally falling into place, we’re hearing that another challenge is surfacing, and this time it’s a big one: Risk. To get to the heart of the matter, we sat down for a Q&A with Michael Scheumack, marketing and technology executive at IDIQ, a consumer-facing identity theft protection and credit-monitoring solution. Michael tells us his company is seeing a rise in fraud due to so many of us working from home.
Listen in as he discusses how employees’ personal vulnerabilities can play into cyberscammers’ hands and what types of scams are circulating right now, so you can develop a plan for protecting your company.
Here’s his take:
How are cyberscammers targeting work-from-homers?
Thieves like to target based on fear and the unknown. Right now the world is full of both, so that uncertainty is easy to prey on. When people are working from home, they lose out on having coworkers to run ideas by, they are just in a bubble and can react quickly and without collaboration. So, people who are working from home are more vulnerable purely from being isolated and a little disconnected from the organization. Scammers are aware of that.
Targeted attacks that occur to an organization due to remote work have led to an increase in scams, such as phishing email attacks where emails appear to be coming from a company or person you know in the company but actually are from cybercriminals phishing for your account or other private company information. Other phishing emails targeting the individual can appear to come from the Centers for Disease Control and Prevention or the IRS trying to take advantage of the pandemic. Other coronavirus-specific fraud includes spoof medical websites or people calling and offering free coronavirus tests, but in order to get that test you need to supply them with personal information. They can take that information and assume your identity.
On the other side of it, scammers are preying on those who want to help. Fake donation sites have popped up all over the place.
When COVID-19 first started, we were reading through forums and seeing a response through the dark web that it was a horrible time to prey on anyone. But, as the months passed, we started to see that resolve and be replaced with a more opportunistic tone. That’s why there’s more fraud with fake sites and robocalls. Robocalls are illegal, but those are still being used as identity theft tactics. For these scammers, this is a great time to steal whatever information they can.
When people hear of an increase in cyberattacks, it tends to make them scared and not want to trust anyone online. But, you can’t become cynical and you have to stay positive. Being aware and educated is the best way to deal with this and puts you on the offensive.
A good rule to follow is when in doubt, delete. And report that you got a suspicious email, so your company can make everyone aware.
And how do you manage your work-from-home team?
The most obvious transitional challenge has been moving my marketing team to a work-from-home environment. Sure, we have always had some element of working from home, but with COVID-19 it has meant transitioning the entire marketing team from the office to the home. That’s not an easy task to accomplish especially when it comes to a marketing team that has been so used to collaborating on projects through daily interaction. We are used to working together, being creative together and being able to easily access each other.
The challenge for me, professionally, has been to keep an entire team engaged, all of the time, remotely. You can find that as months progress, it’s easy for people to get into habits they did not once have, become relaxed or distracted at home and maybe not be as engaged. Keeping teams engaged has meant having to spend quite a bit more time finding methods to do that.
One thing companies, especially larger ones that have transitioned entire teams to work remotely, should strive for is to create better connectivity among all of their employees. These larger companies still tend to be segmented and led by department heads or team leads. They can get disconnected as a team from the rest of the organization. That can make a company more vulnerable to thieves spoofing or sending fake emails from the CEO looking for information that could be pertinent financial information or private information from the company.
One proactive measure that can be in place to avoid this disconnect is to send regular emails to your employees emphasizing that no one will ever email you and ask you for this information. You can also offer security awareness programs that train the employees on what to look out for. That way they are better prepared to not become a victim of spoofing and for the company to stay protected. Implementing these programs on a consistent basis along with consistent communication throughout the organization is really the key to being prepared.
How did you take it, personally?
The other aspect outside of losing physical access to the team is that working remotely means we have to be more cognizant of the changes that are going on in everyone’s personal lives. For me, personally, it meant dealing with the trials of two teenage boys — one graduating from high school and now starting college in this pandemic environment and the other about to start his senior year of high school. I am a little disappointed that they won’t get to experience these milestones fully because each has had to adapt to virtual, at-home learning. But, I am also seeing how positive they are remaining.
Right now the changes in personal situations vary. We have some employees who have small kids and are now dealing with those kids at home, and we have some with teenagers who are now trying to figure out how they are going to graduate and take school seriously but also being forced into an unstructured environment of trying to do schooling at home.
Trying to keep that in mind while also growing a company and continuing to do business as usual takes a little bit of strategizing.
The key to creating focus and structure has really been scheduling regular online video-conferencing meetings, whether we have something to talk about or not. At the beginning, we’d sometimes jump on the video conference and just stare at each other, but now we are talking to each other face to face, even more than we ever did in the office.