Real World Risk Management Practical HR Resources
welcome
Are you a new user?
REGISTER HERE





RETRIEVE PASSWORD
print   email   Share

Cyber Awareness Leads To Better Cybersecurity

A decline in operations during the COVID-19 pandemic is leading to an increase in risk for many organizations. When data or networks are idle and not being monitored as frequently, they make easier targets for cybercriminals.

In addition, stress and a lack of clear direction during the pandemic may create unintentional insider cyber threats.

Phishing attacks related to COVID-19 are increasing and many appear to come from a legitimate organization. Trojan attacks often trick employees by masquerading as "important updates, financial rescue packages, or emergency benefits."

Cybercriminals can steal money from an organization through the use of ransomware. Organizations should protect their finances from a cyberattack by improving their financial payment release structure and watching for large, non-standard payments.

Backups of critical systems are essential during the pandemic. Create multiple backup locations and check that they are performing correctly. Regularly back up data off-line.

Finally, organizations should improve their incident and crisis management systems and link them to actionable contingency plans. Have a backup channel for communicating throughout your organization in the event that your network is compromised. Brent Whitfield "How to Minimize the Risk of Insider Threats (Physical and Cyber) During COVID-19" securitymagazine.com (Jun. 16, 2020).

 

Commentary

Additional cybersecurity training for your employees should supplement, not replace, your routine cyber training, updates, and reminders. Share your organization’s cyber policies and guidelines any time work situations for employees change.

Remind employees of cybersecurity best practices, paying particular attention to areas of increased risk. Go over top recommendations, including using strong, unique passwords; enabling two-factor authentication; and protecting all devices with up-to-date anti-virus and firewall software. Require employees to encrypt data on laptops when working remotely. Train them to avoid plugging in USB drives, which can be loaded with malware.

Train employees to watch for incorrect grammar, spelling, and punctuation as well as design flaws in emails, which could be a sign of a phishing scam.

Confirm that employees know whom to contact if they fall victim to a cyberattack. If possible, create a helpline or online chat line for employees who have cybersecurity questions. Encourage employees to ask first if they think an online practice could be unsafe.

Finally, your opinion is important to us. Please complete the opinion survey:

Strengthening The Weakest Link To Prevent Social Engineering Attacks

Twitter experiences a social engineering attack. We explain why training and strong policies can help strengthen your weakest security link.

read more

Are Your Employees Ransomware Ignorant?

A new survey suggests that many employees don't know what ransomware is or how to avoid it. Read tips for protecting your organization and its data.

read more

New Vulnerabilities Are Emerging: Addressing Multi-Vector Attacks Now Is Important

Cybercriminals are using more sophisticated techniques, including attacking Macs and multi-vector attacks. Learn what steps can prevent such attacks.

read more

Cyber Awareness Leads To Better Cybersecurity

Employers must stress cybersecurity practices for teleworking employees. We examine.

read more