In the rapid transition to remote working your people firewall could be your most valuable investment in the fight against cybercriminals.
A staggering 99% of cyber-attacks rely on your users taking some form of action, be it clicking a link, entering their credentials or even running their code, according to research from Proofpoint.
Why is that important? Cyber-attacks are on the rise as cybercriminals look to capitalise on the vulnerability of the Covid-19 pandemic – particularly targeting remote workers who have less protection from the corporate security perimeter. The fast adoption of new ways of working, quick (and sometimes hasty) software deployments and the reliance on personal devices has unfortunately increased the risk of attacks – it’s time to fight back.
Why the heightened risk for remote workers?
People across the world have had to pack up and leave the comfort – and the security – of the office to work from home. In many cases, employees are using personal devices or BYOD (bring your own device), which presents a number of security challenges. From the use of outdated anti-virus software (or a complete lack of) to limited control or visibility over what new or pre-existing downloads are being made to devices, which could be malicious and compromise security.
In many instances, we know that users are becoming increasingly frustrated with the solutions available and it is highly likely that we will see a sharp rise in ‘shadow IT’ as employees act to find their own solutions. A timely example of this is the use of Zoom video conferencing. Following an initial surge in the number of new users, many organisations like google have now banned their staff from using the platform due to a number of reported security breaches.
In addition, the thirst for knowledge on the topic of Coronavirus has opened a can of worms in the cyber security domain, with Covid-19 phishing emails or malicious content sharply on the rise.
According to a Proofpoint blog on the Coronavirus Threat Landscape, by mid-March they had already seen over 500,000 messages, 300,000 malicious URLs, 200,000 malicious attachments with coronavirus themes across more than 140 campaigns.
“The coronavirus-themed messages we’ve observed are truly social engineering at scale and each is carefully crafted to convince potential victims to click a malicious link, complete a fraudulent payment, or download nefarious attachments. These coronavirus email examples are, at their core, focused on tricking the people receiving these messages based on urgency, fear or the promise of a miracle cure,” reports Proofpoint.
What can you do to raise awareness of cyber security among home workers?
We spoke to Trustmarque’s Cyber Security Practice Lead, James Holton who provided the following recommendations:
- Ensure your access controls for remote users are up-to-date. Zero trust might be a stretch but ensuring you have multi-factor authentication enabled is a good start.
- Shadow IT is more prevalent as normal business has become harder for most employees. This inevitably means people will go out and find their own solution. Ensuring you have visibility of all the new shadow applications and control of these is critical.
- Help your users understand the risk. No preventive tool is perfect and attackers are targeting the uncertainty, and the paranoia in the media. It is paramount to help your users understand the risk especially if they are working in a new way.
- Specific call out for those who have rolled out new collaboration tools. Consider how you are monitoring your data as it moves into SaaS applications and you open your business up to 3rd parties?
“How you educate your users can really help your business fight cybercrime.”
Increasing the security awareness for remote workers – your people firewall
“How you educate your users on cyber security and make them more aware of the cyber security threats they face can really help your business fight cybercrime,” says James Holton
“Training is one of my preferred tools to deploy in a customer environment. They are relatively cheap – and in some cases there’s lots of free content – and yet deliver demonstrable ROI.”
James reveals that cyber awareness training can significantly reduce the susceptibility to attack. He says it’s not uncommon that after running the first attack simulation on malicious email, organisations might expect as many as 80% of users to open the email, 40% to click the link and 15% to provide their login details, or the keys to the kingdom. After running targeted training for 12 months, they can however reduced their “successfully phished” to well under 1%.
Raise your Security Awareness with Proofpoint
Our expert security partner Proofpoint has developed a wealth of interactive, bite-sized awareness and training materials to help organisations to improve security awareness among their employees, including home-based workers. This includes:
- Interactive Training Modules
Help employees make the right decisions when face-to-face with a wide range of cybersecurity risks, from phishing attacks to insider threats. Each engaging interactive module takes just 5-15 minutes to complete and simulates real-life situations.
- Awareness Videos
Videos are a great way to introduce your employees to the importance of security awareness training and to reinforce what they’ve already learned, increasing knowledge retention.
- Security Awareness Materials
Customisable cybersecurity awareness e-posters, images, and articles are designed to reinforce your education initiatives, keeping security top-of-mind.
Cyber Security Solutions
We know that the rapid transition to home working is placing pressure on IT teams and increasing the risk of security breaches.
We can help your organisation identify your true risk and exposure to cyber threats. Our expert cyber security team can facilitate remote advice and guidance to help improve your posture – now and in the future.
We’re in IT together
By Katherine Murphy, content enthusiast