Cyber Risks & Liabilities
This article is from RISQ Consulting’s Zywave client portal, a resource available to all RISQ Consulting clients. Please contact your Benefits Consultant or Account Executive for more information or for help setting up your own login.
Research Shows Malicious Document Downloads Are Surging Overview
Using malicious software—also called malware—to compromise a victim’s data or technology is one of the most common cyberattack methods. Malware is typically triggered by clicking on the deceptive links or dangerous attachments that often accompany phishing emails. In fact, recent research found that malicious document downloads are currently on the rise.
According to Netskope Threat Lab’s latest report, 40% of malware attacks have been deployed through the medium of harmful email attachments during 2021, representing a 20% rise over last year’s data. Specifically, these email attachments have been disguised as office documents—including Microsoft Office files, PDFs and Google Docs.
This rise in malicious document downloads is likely tied to cybercriminals taking advantage of shifting work arrangements during the ongoing COVID-19 pandemic. After all, the significant increase in remote operations over the past year has led to more employees relying on digital platforms (e.g., email and online messaging) to communicate with their co-workers.
With remote employees using virtual mediums to share important information and files, cybercriminals have been able to trick some of these workers into downloading malicious office documents via deceitful emails. For instance, a cybercriminal may impersonate a victim’s co-worker and email them a harmful file titled “Monthly Financial Report” in order to manipulate them into downloading it.
In light of this trend, it’s critical for employers to take the following steps to protect against malicious document downloads:
- Educate employees on how to recognize and respond to phishing emails. In particular, workers should always verify the sender’s identity by double-checking their address before interacting with an email and avoid opening any attachments from unknown sources. Further, employees should report any suspicious email activity to the IT department.
- Implement antivirus programs and endpoint detection and response systems on workplace technology to help minimize malware threats. Update this software regularly.
- Install email security features (e.g., spam filters) to help prevent malicious messages from landing in employees’ inboxes altogether.
Cybersecurity Considerations for Hybrid Work
COVID-19 pandemic has greatly changed how employees across the country work and live. That is, the past year saw a substantial proportion of the workforce transition to remote operations. Looking ahead, a recent study found that the majority of remote employees (83%) are wanting to continue working from home in some capacity. As a result, nearly half (45%) of employers are planning to implement hybrid work arrangements in the near future. Such arrangements allow for employees to split their time between working remotely and on-site. For example, employees may work in the office every Monday and stay remote for the remainder of the week.
While hybrid work models can offer various benefits to both employers and their workforces, these arrangements also carry unique cybersecurity risks. First, remote work environments often provide less secure network settings than on-site setups, leaving employees more vulnerable to cloud-based cyberattacks. In fact, such attacks have skyrocketed by over 600% since the pandemic began.
What’s worse, by alternating between remote and on-site networks, employees could potentially expose a greater proportion of workplace technology and assets amid a cyber incident. In other words, if an employee unknowingly has their laptop hacked by cybercriminals while working remotely and connects that device to an on-site network a few days later while working in the office, all workplace technology is then at risk of being compromised by the hackers.
If you are considering a hybrid work model within your organization, consider these best practices to help minimize cybersecurity exposures:
- Utilize a virtual private network (VPN). Having a VPN provides your employees with a private, protected network connection—both remotely and on-site. VPNs offer various cybersecurity features, such as hiding users’ IP addresses, encrypting data transfers and masking users’ locations. If you don’t already have a VPN, this is a crucial step in developing a secure hybrid work model, as it can reduce network vulnerabilities when employees work remotely. If you already have a VPN, be sure it is fully patched.
- Train employees. Require staff to participate in routine cybersecurity training. This training should help employees stay up to date on the latest cyberthreats, emerging attack methods and top tips for protecting against these concerns. Additionally, this training should address specific risks related to hybrid work arrangements and how to properly mitigate them.
- Safeguard all devices. Make sure all workplace devices—including those used remotely—are equipped with adequate security software (e.g., antivirus programs, firewalls, endpoint detection and response systems, and patch management products). Ensure this software is updated as needed to maintain its effectiveness.
- Foster open communication. Lastly, encourage employees to consult the IT department if they encounter any cybersecurity issues or suspect a potential cyberattack.
Educate Employees on This Emerging Phishing Scam
While phishing scams have been a persistent issue for employers of varying sizes and sectors, cybersecurity experts recently confirmed that a new phishing tactic has emerged.
This scam entails cybercriminals impersonating a trusted cybersecurity company and emailing their victims a “secure message.” The email then asks victims to click on a harmful link to view their “secure message.” However, clicking on the link opens a malicious website that attempts to compromise victims’ devices.
So far, this emerging phishing tactic has been detected in over 75,000 employees’ email inboxes across industry lines. The message is typically sent to multiple employees within the same organization, often from different departments. Targeted employees have included both individual contributors and those in leadership positions.
It’s vital for employers like you to educate workers on the latest phishing tactic. Be sure to show employees the key signs of this scam and encourage them to report suspicious messages to the IT department.
Contact us today for additional cybersecurity resources.
- Published in Blog
Drink the Coffee, Just Don’t Forget the Water!
By Natasha Kwachka, Employee Benefits Service Manager
Have you ever woken up in the morning so thirsty that you chug such a large amount of water you could put a fish to shame? I like to think that I’m giving myself enough water each day, but mornings like this tell me I’m wrong. Water is a necessity! You must have fluids, or you will literally DIE. So why is it so hard to give our bodies what they need? How does one find the time to drink enough water? With all the busyness that life has in store for us some days, this simple need seems harder to accomplish then it should be.
So today I want to provide an important reminder. WE NEED WATER! I think there are about 35 reusable water bottles that drift between my home and work and it still is difficult at times. I am a busy mom with a full-time job, and some evenings I hit my bed totally exhausted, look back at my day and realize I didn’t have one single glass of water. Wow, those are some very eye-opening days of where I may sometimes sit on the totem pole of life. I guarantee I am not alone in this struggle. As a matter fact, I have had a conversation about water intake with at least 5 close friends.
One of the things I always found interesting though, was that people never seem to skip out on the coffee. Somehow there is always time for coffee! We giggle as we make the excuse, “but coffee has water in it!”, knowing we have all been told that caffeine dehydrates you. But does it? Since we WILL make time for coffee I am now in search of the truth!
The fruits of my research suggest that our silly excuse actually holds up. That cup’o Joe does actually hydrate you! Check out the eye-opening article below. So, go ahead, DRINK THAT CUP OF COFFEE! However, don’t forget to follow up with several more glasses of water throughout the day. In these busy times, we need to stay hydrated more than ever.
https://www.livescience.com/55479-does-caffeine-cause-dehydration.html
- Published in Blog
Cognitive Behavioral Therapy
By Madasin Jennings, Account Specialist
Like most people during some point in their life, I struggle to cope with my stress and anxiety. I have spent countless hours scouring the internet for tools that can help me understand and change my anxious thoughts and behaviors into more positive ones. During this search, I happened to stumble upon a Cognitive Behavioral Therapy (CBT) based book written by therapists, The Anti-Anxiety Notebook. If you struggle with stress and anxiety and haven’t worked through this book yet, I highly recommend it.
In the introduction, the authors make a very good point about how a lot of research and tools have been developed and published about what causes stress and anxiety and how we can manage it, but these tools were never developed and marketed in a way that are easily accessible by the public. While these authors have already created a notebook tool utilizing Cognitive Behavioral Therapy, my curiosity had been peaked so I hit up my old friend, Google, to look up the scientific evidence surrounding CBT.
Cognitive Behavioral Therapy has several core principles but the one I find most interesting is that it can be used to teach people to identify, evaluate, and respond to their stress and anxiety, to change their thinking, mood, and behavior. I am especially drawn to this because this method allows an individual to develop a self-regard that is extended to include a regard for others. By understanding that your thoughts and feelings are not determined by a situation, but by your perception of a situation, you can begin to identify and analyze your thought patterns. This will lead you to change the way you think about a situation, and in time, change your behavior toward the stimulus.
Cognitive Behavior Therapy is by no means an overnight fix and may not work for everyone. However, if applied correctly, it can help many people suffering from a range of problems, including but not limited to depression, anxiety disorders, alcohol and drug use problems, marital issues, eating disorders, and even some mental illnesses. The application for CBT seems endless, mainly because these techniques are so universal but can easily be molded to fit the specific needs of an individual’s diagnosis.
I am now looking forward to my personal journey with Cognitive Behavioral Therapy, as I work through The Anti-Anxiety Notebook… and who knows, maybe another CBT blog post is in our future!
- Published in Blog
Lights, Camera, Spooky Season!
By Taylor Brouillet-Stock, Account Specialist
It’s that time of year again, folks! Halloween is quickly approaching and if you’re anything like me, that means endless movies to get into the spirit of this exciting holiday. Some people prefer Christmas, others might prefer Thanksgiving, but I personally love Halloween and the general spooky vibe during this time of year.
For as long as I can remember, the month of October has included carving pumpkins, searching for the perfect costume, trick or treating, and of course, Halloween movies! If you’re searching for the right movie(s) to get into the spirit of Halloween, then this article has summoned a perfect list for you. It lists 35 different classic Halloween movies and even includes my personal favorites, Practical Magic and Hocus Pocus. Just be sure to leave the lights on for the scary bits! Happy Halloween!
https://www.townandcountrymag.com/leisure/g12107335/best-classic-halloween-movies/
- Published in Blog
Lean & Green
By Elva Perez, Account Specialist
If you can’t tell already from my last Blog post about plants, and this one about plants, then I’ll just come out and say it. I’m clearly the “crazy plant lady” in the office. This is the first career that I’ve gotten my own working space to make my own. Of course, as the crazy plant lady, the first thing I did was bring in plants to put on my desk. I function better if my area closely resembles a mini growing jungle. My colleagues who walk by really appreciate the beauty and let me know that it’s pure joy seeing the greenery. It brings them peace (and more oxygen) to their day!
I’ve been with RISQ Consulting for about 6 months now, and one of the many things I am learning about is the concept of being “Lean”. While Lean has nothing to do with plants directly, I definitely believe that plants have everything to do with helping you BE Lean. Here is a great read I found about being “lean and green” in your work environment.
https://www.sciencedaily.com/releases/2014/09/140901090735.htm
- Published in Blog
Another Serving of YUM, Anyone?
By Bailey Penrose, Employer Services Account Manager
It’s that time of year again, Alaska’s small window of Fall as we gear up for the snowy winter months. As hot drinks become appealing, sweaters are lovingly taken out of storage, and the season’s chill starts to bite, the kitchen calls with its siren song as we all head inside.
For some delicious recipe inspiration, please consider some of the online resources below:
If a cook-book is more your speed, have you tried Chrissy Teigan? These recipes may not be what one might call “health conscious” but they are more than worth it in flavor!
Cravings: Recipes for All the Food You Want to Eat by Chrissy Teigan 2016
Cravings: Hungry for More by Chrissy Teigan 2018
And lastly, while Alaska may not yet have access to a full meal-prep service like Blue Apron or Hello Fresh, eMeals is an online service that offers meal planning (recipe options for each day of the week) and is available wherever you’re located.
- Published in Blog
Skating into Winter
By Madasin Jennings, Account Specialist
It has begun. The leaves have changed, the temperature has dropped, and the days are getting darker. Winter is here and for me, this means it’s time to start thinking about winter activities.
In the past, I have always preferred to spend my summers outdoors while spending my winters indoors. So, winter activities aren’t something I am too familiar with. My boyfriend, however, is a fan of all weather, especially winter. Skiing and playing hockey are among two of his favorite things to do in winter. Last season, I hit the slopes a grand total of one time. I did, however, take to ice skating like a duck on (frozen) water.
Like most people in my generation, when I want to know more about something, I google it. For anyone wanting to learn how to ice skate, this article would be a great start. It starts off at the basics: clothing dos and don’ts, choosing the right ice skates for you, and how to properly lace up. Start slowly and it’s ok to stick close to the barrier! This will help you get a feel for the ice and how your body reacts to movements on the ice until you can find your balance. There are tips on proper skating stance and a few things to think about as you start gaining momentum, like learning how to stand and stop. These are all important steppingstones that will help glide you toward success.
For me, the most important thing to take away from this article is to be patient with yourself. Take it one glide at a time and learn as you go, while also remembering to have fun. Don’t waste away indoors while a winter wonderland sits right outside your window. Get out there and try something new!
10 Tips for Ice Skating Beginners:
https://iceskatingpassion.com/first-time-ice-skating-tips-beginners/
- Published in Blog
Is a 4 Day Work Week Best 4 You?
By Devin Jackson, Employer Services Account Specialist
Are you still having problems with employee retention because of Covid? Well, I may have found just the solution you need to pique the interest of the new, forward thinking, and upcoming work force. A four-day work week. Which conveniently yields a three-day weekend!
Employees are starting to want more freedom and a well-balanced work, home life. Studies are showing that a 4-day work week can not only yield more employee productivity, but can also increase employee energy and happiness, which in turn helps to promote a better work environment. The pros and cons have been listed, and it’s up to each employer to see how they land in their industry. Check out the article below to see if a 4-day work week may be a good fit for you and your company.
- Published in Blog
