
Cyber Awareness Leads To Better Cybersecurity

A decline in operations during the COVID-19 pandemic is leading to an increase in risk for many organizations. When data or networks are idle and not being monitored as frequently, they make easier targets for cybercriminals.

In addition, stress and a lack of clear direction during the pandemic may create unintentional insider cyber threats.

Phishing attacks related to COVID-19 are increasing and many appear to come from a legitimate organization. Trojan attacks often trick employees by masquerading as "important updates, financial rescue packages, or emergency benefits."

Cybercriminals can steal money from an organization through the use of ransomware. Organizations should protect their finances from a cyberattack by improving their financial payment release structure and watching for large, non-standard payments.

Backups of critical systems are essential during the pandemic. Create multiple backup locations and check that they are performing correctly. Regularly back up data off-line.

Finally, organizations should improve their incident and crisis management systems and link them to actionable contingency plans. Have a backup channel for communicating throughout your organization in the event that your network is compromised.

Brent Whitfield "How to Minimize the Risk of Insider Threats (Physical and Cyber) During COVID-19" securitymagazine.com (Jun. 16, 2020).

 

Commentary

Additional cybersecurity training for your employees should supplement, not replace, your routine cyber training, updates, and reminders. Share your organization’s cyber policies and guidelines any time work situations for employees change.

Remind employees of cybersecurity best practices, paying particular attention to areas of increased risk. Go over top recommendations, including using strong, unique passwords; enabling two-factor authentication; and protecting all devices with up-to-date anti-virus and firewall software. Require employees to encrypt data on laptops when working remotely. Train them to avoid plugging in USB drives, which can be loaded with malware.

Train employees to watch for incorrect grammar, spelling, and punctuation, as well as design flaws in emails, any of which could be a sign of a phishing scam.

Confirm that employees know whom to contact if they fall victim to a cyberattack. If possible, create a helpline or online chat line for employees who have cybersecurity questions. Encourage employees to ask first if they think an online practice could be unsafe.
