Businesses are raising awareness of cybersecurity threats and staying in closer touch with employees as they try to defend networks supporting larger work-from-home populations since the Covid-19 outbreak began.
this year has seen a rise in phishing attempts, Dawn Cappelli, vice president of global security and chief information security officer, said Wednesday at the WSJ Pro Cybersecurity Executive Forum.
But technology and the awareness programs the company put in place to prevent those attacks are working. “We see our employees, for the most part, not falling for those phishes,” Ms. Cappelli said.
Constant communication with its international workforce has proven to be critical to the automation provider’s cyber protection efforts.
With the pandemic’s outbreak, she said, senior executives were really getting slammed with phishing attempts. But, she said, “every time we saw them get hit with a phish, even if it was stopped from getting to their mailbox, we let them know, ‘You are being targeted, this would have been in your mailbox, and the next one might get through.’”
As the pandemic shut offices, Mastercard Inc. doubled down on cyber education, warning its international workforce that the new normal was working in the attackers’ favor.
“The threat actor is going to watch and wait for you to be confused, for you to become emotional, and [for] you to start doing things that are out of the norm,” said Anne Marie Zettlemoyer, the credit-card company’s vice president of security engineering, who also spoke at the event.
Mastercard set up an instructional program telling employees how to spot phishing attempts and how to be cognizant of operational security issues. “We found that thousands and thousands of employees took advantage of that,” Ms. Zettlemoyer said.
Rockwell also is aware that different people learn differently. Some people like to read while other prefer video lessons, Ms. Cappelli said. Rockwell distributes a one-minute video made by employee volunteers talking about a security issue of which they believe others should be aware.
In addition to internal threats, Ms. Cappelli said companies face an increase in internal attacks, typically from disgruntled employees. “Think about people being disgruntled right now. They suddenly are working at home, a lot of companies have had pay cuts, reductions in force, furloughs.”
A big part of preventing those attacks is keeping close to employees. Rockwell has pushed managers to stay in touch with workers, to talk to them about how they are doing.
“We really are reinforcing the people aspect of being a manager. And I think that goes a long way to helping you to detect when someone may be a potential insider risk,” she said.
Write to John McCormick at [email protected]