Cyber-security is not just about the tech, it’s also very much about human behavior. Hopefully by now you’ve educated your staff and volunteers about email phishing attacks and they’re thinking twice before clicking links or attachments from unknown senders.
On-demand assessment of suspicious emails and attachments is included in every Codestar monthly service plan.
But now, a slick new type of phishing attack can load malware through Google Calendar and Gmail. Because Google products are so widely used and trusted, every business should take prompt action to protect its computers and network from this exploit.
What you can do about the Google Calendar threat
People access these Google applications via both smartphones and computers. Possibly your company computers! So, how can you reduce the risk of a calendar invitation attack that affects your network?
First, get an overview by reading this article from wired.com: Tricky scam plants phishing links in your Google Calendar. Then tackle the threat from three directions: Configuration, Policies, and Training.
Configuration
- Adjust each user’s Google Calendar settings to defend against this attack, as specified in the article above and other tech sites.
- It is also possible to configure your business computers to block access to certain web pages or domains, ensuring that employees or volunteers don’t visit them.
Policies
- If you do not have any policies on acceptable use of your company’s computers and Internet access, this is a good time to get started.
- If your users are allowed to access Google Mail and Google Calendar from company devices, we urge you to require that they adjust their calendar settings to defend against this attack, as specified in the article above.
- If your business does not depend on these Google applications, you might consider a policy that disallows their use on company equipment.
Training
- Train your users. (1) Briefly explain this type of threat (2) Describe the harm that malware could cause to your network and the continuity of your business (3) Demonstrate how to adjust calendar settings.
- If you have a policy, train them on that as well.
- Document the training you provide for each individual. This might help protect your business from certain penalties if you ever suffer a harmful data breach that’s subject to audit or investigation.
Need help to prevent (or recover from) a phishing attack?
Some businesses have in-house capabilities to complete all of the recommended actions above. But others will need assistance with some part of it. If you need help with prevention or recovery, contact Codestar for a free initial consultation.
Whatever you do, take action soon. Phishing is the most pervasive cyber security problem today, and it’s not going away.