There is no doubt that the global pandemic has disrupted lifestyles with new threats both offline and online. Beyond the Covid-19 virus transmission, online risks have grown with the rapid changes occurring for people, processes and technology. Here are three reasons that security awareness training is more important now than ever before.
In this article we cover:
- Phishing and ransomware are dramatically increasing
- Working from home creates a new set of cyber risks
- Addressing home technology weaknesses and new processes
Phishing and Ransomware Are Dramatically Increasing
First, according to numerous sources, phishing attacks have skyrocketed during the pandemic. One report highlighted increases of almost 700% in phishing attacks, and most of these threats were somehow related to the new normal related regarding the pandemic.
These threats are also being targeted to the changing situations that employees are experiencing with topics ranging from company fake news to local virus transmissions to restaurants that are opening on closing.
Yes, staff need to be on high-alert in this new environment, but they also need to be trained in what to watch-out for and how to respond if/when the attacks show up in their inboxes.
Second, not only are phishing attacks up, but ransomware is evolving and threat growing during the pandemic. The risk to enterprises is increasing, with some organizations paying millions of dollars to resolve these cyberattacks. Other organizations, like Cannon, have recently had 10TB of data stolen from servers during a ransomware attack.
Hospitals and even healthcare contractors have been hit with ransomware over the past several months, which has patient data and impacted care.
These sophisticated cyberattacks have surged at the same time that hospitals and other organizations have seen a growth in client needs and required more services. The attacks have even impacted Apple Mac computers, which many people thought to be immune from such threats. Thus, the audiences that need security awareness training must go beyond the boundaries of what many supervisors thought necessary in 2019.
Third, these phishing attacks are coming from a wide variety of convincing sources – with scary results. For example, bad actors are using artificial intelligence (AI) to create fake news (that looks very real) about everything from elections to virus vaccine news.
This example shows how clicking on one email left a business in big trouble, and highlights that even if excellent technical protections are put in place, the employee will always be the last line of defense.
Effective security awareness training, along with phishing simulation, can ensure that staff have the tools and knowledge to respond, even if they are at home.
Working from Home Creates a New Set of Cyber Risks
When staff moved out of offices to working from home (WFH) there was oftentimes less support from technology and more security threat issues. The reasons vary for working at home challenges, and these risks and solutions are articulated in this Security Mentor best practice white paper with remote workforce checklists.
Some staff were forced to use home technology when moving home during the pandemic, and tech needs can range from desktop PCs to laptops to printers to other supporting devices. These devices often do not have adequate controls in place, and some staff will be tempted to merge home and works tasks and data.
Some of the concerns that staff have from remote environments include ensuring that computers a virtual private network (VPN) is available send data securely, the need for multi-factor authentication, reuse of passwords with home environments, the need for backups as well as the importance of keeping sensitive data separate from home data. All of these topics can benefit greatly from security awareness training.
Addressing Home Technology Weaknesses for Remote Workers
Last, but certainly not least, remote workers face a different set of threats. Oftentimes, work processes change, and you can’t just walk down the hall to resolve issues – as was done at the office. Bad actors will also take advantage of these weaknesses to trick staff to send data to the wrong place, circumvent controls, give up their credentials, or even to send money or other resources to unverified people or locations. A new way of thinking generally must be employed at home, addressing people, processes and technology in a holistic fashion.
Security awareness training has always been a must for every organization, and the pandemic only has amplified this need. Now is the time to ensure that your organizations’ remote transformation is done securely by training all staff with targeted training that will help them be secure – even when working at home. Security Mentor’s training model of brief, frequent, focused security awareness training is especially suited to these times as we deliver relevant, interactive training in bite-sized chunks that focus on specific topics such as working remotely.