Work and Life Have Intertwined: Why You Need to Protect Against Phishing on Both Fronts
Don't bring your personal life into the office; don't bring your work stuff home — these were already difficult tasks prior to the 2020 pandemic. Now, with hybrid work settling in, they've become nearly impossible to achieve.
Where we work is no longer tethered to a static location. From the Wi-Fi we connect to, to the devices we use for work, our personal and professional lives are now closely intertwined.
Personal could easily affect the professional
To break up my day while I’m working, I often want to quickly look at the latest news headlines, social network feeds, or personal email messages. But switching to a personal device is disruptive, so I often do these things on my work computer. Convenience wins.
It’s during moments like this that the personal-professional interaction can have an impact on your organization’s cybersecurity.
On one particular day, I had a lot of strange things happening in my personal life that could have easily impacted my professional life if I wasn't careful.
First, I got an email from Amazon saying my account was disabled due to strange activity and that I needed to click on a link to re-enable it.
The same thing happened to my PayPal account.
You might be laughing at how cliché these phishing emails are, but remember, the bad actor only needs to trick you once.
We have all been trained to take a closer look at links before clicking on them. And most of the time, malicious links in emails are easy to spot and avoid.
But this doesn’t mean we won’t make mistakes, especially given the sheer volume of links we are bombarded with every day from both personal and work messages. These could be anything from a verification code for a bank account, to sharing links for Google Docs or Microsoft Excel spreadsheets. A malicious link could even be hidden within a submitted résumé for an open job position.
How to protect against internet-based threats
This is one area where the Lookout Cloud Security Platform can help protect your organization.
On managed endpoints, we leverage a forward proxy that routes all internet traffic through the Lookout platform. The traffic is then inspected for requests to malicious webpages and sites that don't align with the organization's acceptable use policy. The platform can also detect and bypass personal accounts from further inspection to ensure that employee privacy is maintained.
But, what about links contained within SaaS apps and private enterprise apps? They too will get analyzed because when you click on a link, your browser will still try to access the link.
Granular and dynamic actions
Once the user’s request gets forwarded to the Lookout platform, our policy engine determines the appropriate action to take. As the internet has become the default corporate network, it’s critical that you protect your users without necessarily denying them their ability to get work done.
With a unified policy engine, we enable organizations to write and enforce granular policies that change dynamically as the context and the content of access changes.
For example, we can define the following parameters:
- If any user
- Performs any activity
- On the following website categories: Fraud/Phishing and SPAM URLs
- Then deny access to the site
Protection from phishing threats is just one area we need to be thinking about when we enable a hybrid work environment for our users. In some of my upcoming blogs, I'll be illustrating other scenarios that you need to watch out for.
To learn more about how to protect against phishing in this hybrid-work environment, check out our secure web gateway (SWG) product.