
Training is essential to build cybersecurity awareness

26 Jun 2020

Article by Fortinet A/NZ and Pacific Islands regional director Jon McGettigan.

The sharp increase in people working from home has created a number of security issues for organisations. Their perimeter is no longer well-defined, and includes the laptops and smart devices of all of their workers, scattered around the country. At the same time, cybercriminals are on the hunt for new victims and know that COVID-19 has created a new raft of vulnerabilities. More than ever, businesses need to ensure that all their workers have the right skills and training to protect the business from cybercrime.  

The fact that cybercriminals are constantly on the lookout for lucrative targets isn’t news to anyone at this point. The threat is growing even more complex with the addition of COVID-19 related scams that frighten people into clicking on malicious links and providing their personal information to cybercriminals.

Most office workers have been largely protected from cybercrime in the past because they work behind a secure corporate firewall with inbuilt security features such as anti-malware and intrusion detection systems. The onset of COVID-19 meant entire workforces needed to work from home with little notice. In many organisations, workers are using a combination of corporate and personal devices to access corporate data and systems. This creates new levels of complexity for IT and security teams who need to gain visibility into all the devices that are accessing corporate networks and ensure they’re not introducing cyber threats.

While IT and security teams work to put the right security tools and solutions in place, it’s important for every member of the organisation to be aware of their responsibility when it comes to keeping the organisation safe from cyber attacks.

Cybersecurity is the responsibility of every single person in the organisation. This means cybersecurity awareness is just as important for end users as it is for the IT team. This awareness doesn’t just happen; every business must take responsibility for educating its users to reduce the risk of a social engineering or phishing attack being successful.

Organisations need to take the time to educate all users regarding the types of threats and scams they may be exposed to, and provide advice on what users need to do when confronted by a possible attack.

This can be as basic as reminding users not to click on links in text messages or emails but, rather, to enter the URL of a website directly into their browser. This can help avoid attacks where users are directed to spoof websites that capture their login details and other sensitive information.

Furthermore, users should be reminded to update all applications as those updates become available, as this helps protect against known vulnerabilities and threats. They should be warned not to open attachments they weren’t expecting to receive and to treat with suspicion any text message or email that includes an offer or discount that seems too good to be true.

It’s important to note that it isn’t generally sufficient to provide employees with a one-time information session regarding cybersecurity. Instead, organisations should communicate consistently and frequently regarding the threats that are being faced and how to avoid them. Some organisations incorporate gamification and other methods to keep cybersecurity training fun and interesting. This can be an effective way to ensure that people are understanding and heeding the message regarding their role in keeping the organisation cyber secure.

Cybercriminals often leverage ignorance or innocence to launch their attacks. When everyone in the organisation is cybersavvy, these types of attacks just won’t succeed. Cybercriminals must then move onto new approaches or new targets, and they typically choose new targets because it’s easier and more cost-effective for them. By enlisting everyone in the fight against cyber attacks, organisations can dramatically improve their security posture without spending a cent.
