Work and Life Have Intertwined: Why You Need to Protect Against Phishing on Both Fronts

September 19, 2022

Don't bring your personal life into the office; don't bring your work stuff home — these were already difficult tasks prior to the 2020 pandemic. Now, with hybrid work settling in, they've become nearly impossible to achieve.

Where we work is no longer tethered to a static location. From the Wi-Fi we connect to, to the devices we use for work, our personal and professional lives are now closely intertwined.

Personal could easily affect the professional

To break up my day while I’m working, I often want to quickly look at the latest news headlines, social network feeds, or personal email messages. But switching to a personal device is disruptive, so I often do these things on my work computer. Convenience wins.

It’s during moments like this where that personal-professional interaction can have an impact on your organization’s cybersecurity.

On one particular day, I had a lot of strange things happening in my personal life that could have easily impacted my professional life if I wasn't careful. 

First, I got an email from Amazon saying my account was disabled due to strange activity and that I needed to click on a link to re-enable. 

amazon Billing Information Issues Hello We lock your Amazon account and hold all your last orders. We took this action, because the billing information you provided did not match the information in the card issuer file. To unlock your account, you can click the button below and proceed with identity verification to prove that it's your account. Account Verification You can't access your account until this process is complete. If you don't complete the verification process within 24 hours, all pending orders will be canceled and we will lock your account permanently. We appreciate your patience with our security measures. Thank you for your attention. Sincerely, Amazon Customer Service Warning: This email was sent from a notification-only address that cannot accept incoming email. Please do not reply to this email. For immediate answers to your questions, visit our Help Center by checking "Help" located on the Amazon page or email.

The same thing happened to my PayPal account.

PayPal ID: 'REL607R492MH We noticed some unusual activity • Account Limitation. We noticed some unusual log in activity with your account. And after a review we decided to limit your access to your account. • Closing Your Account. We will close your account after 1 days (24 hours) And you will be banned permanently from our site. • How to avoid closing your account. All We need your help securing your account to prevent unauthorized access. For your safety. Click Secure My Account to confirm your informations. Secure My Account

You might be laughing at how cliché these phishing emails are, but remember, the bad actor only needs to trick you once.

We have all been trained to take a closer look at links before clicking on them. And most of the time, malicious links in emails are easy to spot and avoid.

But this doesn’t mean we won’t make mistakes, especially given the sheer volume of links we are bombarded with every day from both personal and work messages. These could be anything from a verification code for a bank account, to sharing links for Google Docs or Microsoft Excel spreadsheets. A malicious link could even be hidden within a submitted résumé for an open job position. 

How to protect against internet-based threats

This is one area where the Lookout Cloud Security Platform can help protect your organization. 

On managed endpoints, we leverage a forward proxy that routes all internet traffic through the Lookout platform. The traffic is then inspected for requests to malicious webpages and sites that don't align with the organization's acceptable use policy. The platform can also detect and bypass personal accounts from further inspection to ensure that employee privacy is maintained. 

But, what about links contained within SaaS apps and private enterprise apps? They too will get analyzed because when you click on a link, your browser will still try to access the link.

Granular and dynamic actions

Once the user’s request gets forwarded to the Lookout platform, our policy engine determines the appropriate action to take. As the internet has become the default corporate network, it’s critical that you protect your users without necessarily denying them their ability to get work done.

With a unified policy engine, we enable organizations to write and enforce granular policies that change dynamically as the context and the content of access changes.

For example, we can define the following parameters:

  • If any user
  • Performs any activity
  • On the following website categories: Fraud/Phishing and SPAM URLs
  • Then deny access to the site
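The rule above can be read as a first-match policy over (user, activity, website category). The sketch below is an added example, not Lookout's policy syntax or API: the `Rule` fields, the `CATEGORY_FEED` table and the `.example` hosts are constructed for illustration, and a real gateway would take categories from a URL-reputation service.

```python
from dataclasses import dataclass
from urllib.parse import urlsplit

ANY = "*"

# Constructed category feed (assumption): host suffix -> website category.
CATEGORY_FEED = {
    "login-verify.example": "Fraud/Phishing",
    "bulk-offers.example": "SPAM URLs",
    "news.example": "News",
}

@dataclass(frozen=True)
class Rule:
    users: frozenset       # user names, or {ANY}
    activities: frozenset  # e.g. {"browse", "upload"}, or {ANY}
    categories: frozenset  # website categories, or {ANY}
    action: str            # "deny" or "allow"

# The rule from the list above: any user, any activity,
# on Fraud/Phishing and SPAM URLs -> deny.
POLICY = [
    Rule(frozenset({ANY}), frozenset({ANY}),
         frozenset({"Fraud/Phishing", "SPAM URLs"}), "deny"),
]

def categorize(url):
    """Categorize by the host the browser will contact, longest suffix first."""
    # urlsplit().hostname drops any "user@" prefix and lowercases the host,
    # so text placed before "@" cannot change the category.
    host = (urlsplit(url).hostname or "").rstrip(".")
    labels = host.split(".")
    for i in range(len(labels)):
        category = CATEGORY_FEED.get(".".join(labels[i:]))
        if category:
            return category
    return "Uncategorized"

def _matches(allowed, value):
    return ANY in allowed or value in allowed

def decide(user, activity, url, policy=POLICY, default="allow"):
    """First matching rule wins; unmatched requests get the default action."""
    category = categorize(url)
    for rule in policy:
        if (_matches(rule.users, user)
                and _matches(rule.activities, activity)
                and _matches(rule.categories, category)):
            return rule.action, category
    return default, category
```

Because the decision is made on the requested URL rather than on where the link was found, the same rule applies whether the link arrived in personal email, a SaaS app or a document.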

Protection from phishing threats is just one area we need to be thinking about when we enable a hybrid work environment for our users. In some of my upcoming blogs, I'll illustrate other scenarios that you need to watch out for.

To learn more about how to protect against phishing in this hybrid-work environment, check out our secure web gateway (SWG) product.

2022 Gartner® Magic Quadrant™ for Security Service Edge (SSE)

Lookout has been named a Visionary in the 2022 Gartner® Magic Quadrant™ for Security Service Edge (SSE). We also scored among the top three solutions in the 2022 Gartner Critical Capabilities for SSE.
