Cybersecurity remains a growing challenge for employees at all companies. Although technical security solutions offer protection from data breaches, human error remains a source of breaches.
HUD’s cybersecurity awareness training, also known as the Cyber Awareness Challenge, aims to bolster employees’ security knowledge and help them recognize cyberthreats. In this article, we will cover some of the most commonly studied topics and best practices for earning a Cyber Awareness Certificate.
Phishing attacks are attempts to induce someone into parting with personal information by sending fake emails or texts that appear to come from trusted sources, or by creating fraudulent websites that appear legitimate. The goal is to collect personal details such as usernames, passwords or credit card details, which attackers can then use to gain entry to accounts, steal identities or incur fraudulent charges against individuals.
Attackers also aim phishing attacks at specific groups of people, whether defined by profession, age group or location, so that the message is more tailored and the victim is more likely to respond. This practice is known as spear phishing and can be very effective. For instance, in 2020 hackers posing as Twitter help desk staff targeted executives by asking for login credentials to a fake website; they were then able to gain access to high-profile accounts such as those belonging to Barack Obama and Elon Musk!
Hackers can gather an impressive amount of information about their targets from public resources like social media and LinkedIn, which allows them to craft convincing fake messages. Hackers may also check whether the domain of the email address they are targeting publishes a DMARC record. DMARC is a DNS-based mechanism for verifying email sender authenticity, and it makes it more difficult for phishers to impersonate legitimate business email addresses.
AI chatbots have also become increasingly popular for supporting phishing campaigns. These bots can make the scammer appear trustworthy while tricking the user into clicking a link that downloads malware.
Phishing is one of the most prevalent cybercrimes, yet it can be hard to spot. Phishers have become more sophisticated with their attacks, so it is crucial that potential victims learn to detect phishing attacks by paying attention to the URLs, attachments and links used by attackers. Furthermore, multi-factor authentication, strong passwords and up-to-date software should all be in place as preventive measures against phishing attacks.
Imagine you’re sipping coffee at a local coffee shop on a Saturday morning, balancing your bank account over the free public Wi-Fi that anyone there can use. Meanwhile, cybercriminals are quietly monitoring this network, listening in on the traffic that passes through it to steal passwords, track your online activity or inject content into the websites you visit. These so-called man-in-the-middle attacks are one of the main cybersecurity risks on public Wi-Fi networks.
Public WiFi hotspots can be found everywhere from airports and hotels to cafes, often for free and without security measures such as Transport Layer Security (TLS) that would scramble data and render it unreadable to anyone intercepting it. They give malicious users an opportunity to gather valuable data from unwitting users. Unfortunately, not every public WiFi hotspot provides enough protection.
An attack over public WiFi can be extremely hazardous to both your personal and professional life. An attack could expose confidential files, breach an NDA or threaten your job, so it is imperative for employees and business owners alike to be aware of the potential dangers of using public WiFi and to build strong cybersecurity protections into their organizations’ processes.
One effective strategy to mitigate risk is to avoid public Wi-Fi altogether or, when you must use it, to use a VPN service to encrypt and protect any files being sent or received over the connection.
Cybersecurity experts strongly advise avoiding public WiFi for sending and receiving sensitive data whenever possible. When it is necessary, use a virtual private network (VPN), such as Aura VPN, that provides end-to-end encryption of your information.
Choosing a reliable VPN prevents cybercriminals from spying on your activity or stealing passwords. Another way to keep devices secure is to set them to reconnect automatically only to networks that require password authentication. You can also ‘forget’ public WiFi networks in your Wi-Fi settings once you have finished using them. Finally, make sure the network name matches that of the official one and not an illicit hotspot!
Working remotely has become an integral part of many employees’ jobs. The flexibility allows workers to find their own creative space – whether that be at home, an inspiring local cafe or even when traveling on business trips. But while remote work has become an indispensable feature of workplace life, there are drawbacks pertaining to information security that need to be considered when planning remote working arrangements.
Cybercriminals are constantly searching for ways to gain access to sensitive data, whether through unsecured Wi-Fi networks or unpatched software. Employee devices may even be compromised to obtain corporate login credentials. However, using remote access solutions such as VNC can keep companies secure.
Remote access platforms allow your employees to securely connect their laptop, tablet or smartphone to your company network from anywhere in the world, without using unprotected Wi-Fi networks or mobile hotspots. This ensures their data stays protected when working outside of the office.
Ensuring that your remote employees have access to cutting-edge technologies and platforms can help keep them motivated, increase productivity and boost morale. This includes fast internet connections, reliable applications and tools that make working together in virtual teams simpler.
Create cybersecurity policies requiring the use of approved messaging programs with encryption, as well as computer security schedules and protocols such as remote software updates or remotely wiping lost or stolen devices if necessary. An ideal way to implement these practices would be through a managed device management system, which will handle most of these functions for you.
Working remotely may not be for everyone, but it can be an excellent solution for professionals who enjoy the freedom of working from wherever they choose while still producing quality output for their employer. Working remotely also reduces commuting expenses while cutting carbon emissions and helping fight climate change; according to Adaptive Structuring Theory, one car trip could save the equivalent of planting 91 trees! It may also allow you to live in your ideal city without being tied down to pricey downtown hubs or settling for jobs you don’t enjoy as much.
Cybersecurity for Senior Executives
Even executives with high levels of security awareness can fall prey to cyber attacks. Criminals target senior managers because they possess access to sensitive data, valuable assets, and decision-making power. Using social engineering techniques like phishing emails, phone scams or other unlawful means, criminals can gain entry and steal sensitive data.
C-level executives must take an active stance against cybersecurity threats within their organizations and become advocates for security awareness training aimed specifically at them. Engaging them with this process is key.
Executives should lead consideration of cybersecurity implications across functions and departments, rather than leaving it solely up to the CISO. Executives can help ensure that business managers factor cybersecurity into product, customer and location decisions; that human-resources teams implement security best practices when hiring and retaining talent; and that communications leaders include cybersecurity priorities in their annual public affairs agendas.
Finally, executives should set an example and build a solid foundation for their leadership team by taking appropriate precautions at work, using secure passwords, and creating a positive digital culture. Furthermore, it should be made clear to their management team that these individuals will be held accountable for any breach or loss of company data.
Success for most organizations often hinges on winning executive-level support for their program, and this can be accomplished by speaking executives’ language and showing the direct impact that cyber threats have on business operations and financial results. Explaining the cost of data breaches to partners, customers and supply chains demonstrates just that, making cybersecurity truly a CEO-level concern rather than something left to IT teams or annual reviews alone.
Morrisec offers tailored cybersecurity awareness training to executives that includes tabletop exercises that simulate real threats and give participants the chance to practice and develop their response skills for any real-world cyberattack.