Cyberattacks are big business for scammers, and front-line workers (80% of the global workforce *) are a perfect target.
It’s a common scenario, playing out in retail, healthcare, manufacturing, logistics … a worker uses a computer that is already logged in, or alternatively asks a co-worker, ‘What’s the login?’
Then they jump in to do their work. Their activity, and everyone else’s, is recorded as “District 9 North PEC Team” or “Warehouse”, not by name.
Without a network identity of their own, they can’t have a company email account, so they log into their personal email to send customer information to a coworker, or type it into a personal messaging app on their phone.
“Can you get Psychiatry CL to see Jane Jones 9 North bed 6 URN 9551389 today? The patient has been hospitalized for 74 days with recurrent infections / spine surgery and has been desperate for her return home.”
That’s fictitious information, but if it made you uncomfortable reading it, consider that this kind of potentially dire information sharing via personal apps happens every day in many settings.
Although it may be well-intentioned, sharing access and using personal applications puts organizations at enormous risk, both of violating privacy regulations and of damaging their reputations.
Often there are also huge costs to remediate security breaches if an attacker takes advantage of leaked information, as highly paid consultants parachute in to forensically analyze what happened.
Employees may not even know they are doing the wrong thing by emailing confidential company information to a coworker through a personal email system, and even if a company wants to stop it, it can be difficult to determine who is doing it.
Most worrisome, however, is that staff are left unprotected against social engineering attacks when they use a patchwork of different personal apps to communicate.
Corporate email and messaging apps are designed with layers of machine learning antispam and antiphishing systems, but personal apps may have only the most rudimentary protection against unsolicited contact, if any.
The cost of front-line security breaches
A ransomware attack in May 2021 on Colonial Pipeline in the US was the result of a single leaked username and password combination.
The company paid more than $6 million ($4.4 million) in ransom to the attackers for the key to decrypt its encrypted servers and for the attackers not to publish 100GB of stolen data.
However, this was a small fraction of the cost of halting, for several days, the full operation of its $8 billion pipeline, which is responsible for delivering 45% of the fuel to the east coast of the United States, and of the huge response from external security consultants needed to re-secure the entire system.
It disrupted flight schedules due to airports running out of fuel and led President Biden to declare a state of emergency to allow more fuel to be transported by road than usual.
Closer to home, several Australian health networks have also been subject to ransomware attacks, resulting in the cancellation of elective surgery and paralyzing hospital operations as staff went back to keeping fully manual patient records.
A plant operator at a Florida water utility who noticed his mouse cursor moving on his screen was not initially alarmed, because he thought it was his boss using TeamViewer remote control software to fix things on his computer.
Fortunately, he noticed that the mouse cursor adjusted the sodium hydroxide levels from 100 parts per million to 11,100 parts per million in the water plant. At those levels, the water would have damaged human tissue and would have flowed from thousands of neighborhood taps within 24 to 36 hours. It turned out that his TeamViewer login credentials had been compromised and an intruder was making the changes.
Securing Frontline Workers
There are now solutions that make front-line security easier. Here are four key recommendations from Google:
#1 Train, practice and train again
Frontline workers aren’t always in constant contact with other workers, so they don’t necessarily have the benefit of hearing about the new types of security attacks the company is experiencing. Proactive cybersecurity awareness training for frontline workers is therefore the first thing every organization should do. Training should also include regular simulated exercises, such as mock phishing attacks, to see which staff should receive further training.
#2 Give everyone an identity
It is a false economy to think that it is cheaper for frontline workers to share network identities. If they don’t have a unique identity, they can’t have email, which means they will use their own personal email platforms. These will not be protected by sophisticated systems that guard against social engineering attacks. It takes only one phishing attack to work, tricking an employee into entering one of the shared network credentials on a fake login page. The company will then have an intruder on the network, using a shared credential that many other workers are also using, which makes it more difficult to detect the intrusion and to see what happened.
#3 Provision the devices correctly
Many frontline workers will use their own consumer devices. If they are performing work activities on such a device without a management system, there is a great risk of data loss, both from insecure applications and from lost devices. You must have a device management system that can protect work information even within an employee’s personal device. If the device is lost, you can erase the work information without affecting the employee’s library of family photos.
#4 Use second factor authentication
Businesses have started using SMS-based second-factor authentication, and that’s better than nothing. However, attackers are sophisticated and are becoming practiced at getting hold of SMS-based codes. This can be through social engineering (“Hi, this is IT … I’m about to send you a code to verify this call before discussing the matter with you …”) or by transferring a mobile service to a different SIM card. What is really needed is hardware-based 2FA: a security key that can be connected to a laptop or phone, or even just kept nearby and detected via NFC. These solutions are now inexpensive and easy to implement, and most importantly, even if an attacker gets a username and password, they won’t be able to log in because there is no way to emulate the hardware token.
How Google Can Help
Google has decades of experience detecting and blocking attacks on its own infrastructure, automated using sophisticated machine learning and artificial intelligence. That experience can help your organization too.
Now part of Google Workspace, Gmail automatically blocks 99.99% of incoming spam and phishing attacks (100 million phishing attacks per day). Google is not aware of a single customer participating in the Google Advanced Protection Program who has been successfully spoofed. Google’s Phishing Protection can detect new URLs that are used for phishing attacks before someone manually reports them, due to Google’s ability to analyze websites and determine intent.
Google BeyondCorp allows employees to work safely from anywhere, without first connecting to a VPN, using a hardware key for strong authentication that is highly resistant to any known form of emulation or practical attack.
Google Cloud Identity enables organizations to give users network identities quickly and easily, with automatic provisioning of the Google Workspace suite of services, along with other important applications in the ecosystem such as Slack, Docusign and many others.
Google Endpoint Management enables Google Pixel devices to integrate seamlessly with Google Cloud Identity to sandbox work information and applications so that the company can manage them, without affecting the user’s personal information and applications. It also manages other devices running Windows 10 and Android, as well as iPhones and iPads.
Google’s new Work Safer initiative brings together the suite of Google Workspace, BeyondCorp, Cloud Identity, Data Loss Prevention and Endpoint Management applications, helping to eliminate the guesswork when purchasing a comprehensive security solution, even for organizations with no in-house expertise.
It also includes reCAPTCHA to protect your company website from malicious bots and users, and Google Chrome Enterprise to provide consistent browser security across the company, no matter what type of device is being used.
Organizations can also choose to manage their own encryption keys for Google Workspace, which means that Google cannot access these organizations’ documents or see the content of the data that moves between its facilities. This is an important feature for healthcare, for example, which must meet very high standards of privacy and security around patient data.
Google Drive has granular controls for administrators to set which users or user groups can share data with external parties, while Google Workspace as a whole has advanced Data Loss Prevention that can automatically stop files containing sensitive data from being shared (where there are clients’ Medicare numbers or bank account details, for example).
Learn more about protecting your frontline workers with Google.
* Increased workforce without a desk, 2018, http://desklessworkforce2018.com/