Since Covid-19 and the shift towards remote working, cyber threats have dramatically increased in their prevalence and sophistication, with a 50% increase in cyber-attacks in 2021 compared to 2020. Remote work catalyzed this shift, which opened a range of new ways for cyber criminals to breach organizational networks.
As people moved to remote working, users became the weakest link in the Cybersecurity of many organizations, exemplified by cyber criminals using phishing, exploiting unprotected devices and internet connections being used at home, allowing them to access cloud networks where a range of data can become accessible and exploited.
As a result, we have developed a new Cyber Awareness Training package for organizations so that they can transform this weakest link into their strongest Cybersecurity asset. This blog explores this weakest link, why it matters, and introduces our new package alongside some measures you can take now to improve your user-level Cybersecurity posture.
The Bear In The Woods Fallacy: Why Organizations Need To Strive For The Best Cybersecurity
Imagine you’re walking with some friends in the woods, and suddenly your party comes across a bear. You all start running, whilst running, you realize that as long as you’re not the slowest, you will be safe from the bear.
This analogy carries over to the view that many organizations have on their Cybersecurity; they mistakenly believe that as long as their cybersecurity posture is not the weakest, they will be safe from cyber threats. This logic is on the basis that cyber criminals will focus their efforts on the weakest organizations.
However, it doesn’t work this way, cyber actors are using accessible, cheap and widely deployable tools that crawl around the web without human effort, and these tools are constantly testing for vulnerabilities to exploit. In this analogy, it is more like there are lots of bears in the woods; eventually, your organization will inescapably be attacked by them, and it will be up to your users and cyber defenses to keep these cyber bears at bay.
Since Covid, the exponential development of technology has also empowered cyber threats to become more sophisticated and accessible. On the dark web, it is increasingly possible to contract Hacking as a Service actors to target organizations of choice. In the end though, despite the sophistication, many of these threats can only inflict damage with the help of exploiting users.
If you can empower your users with awareness and Cybersecurity training, you can transform your weakest Cybersecurity link into your strongest. Our User Awareness Training package addresses the common and not so common Cybersecurity threats, some of these are summarised below.
Common Remote Working Cybersecurity Mistakes
If your organization supports remote working, there are a number of common threat opportunities that threat actors can leverage to compromise your network:
Working from personal devices
If personal devices such as laptops or mobile phones are being used to access an organization’s network, then the network’s protection against breaches largely becomes as good as the cybersecurity features of the personal devices, presenting a potent potential threat to the organization’s Cybersecurity. This is amplified by the move to the cloud; after access via a user is attained by threat actors, they can then access a great deal of the network’s data.
Using work devices for personal purposes
Similarly, if employees can use work devices for personal purposes, this also opens new channels for threat actors to use. This can look like accessing social media sites, downloading third party apps, or visiting certain websites.
Using a personal home router
A personal home router will tend to lack the safeguards and advanced Cybersecurity measures that a large organization’s industry-standard routers can have, making it easier for cyber threats to bypass the local router connection and to use this to access the organization’s network via a router-connected device at home. The variety of routers used by remote workers will create a patchy layer of security in this area.
Connecting IoT devices
When remote workers use their work devices to connect to IoT devices such as Amazon’s Alexa, without effective measures in place this can compromise network security. For instance, malware can infiltrate devices and enable eavesdropping capabilities that can spread an attack further into an organization’s network.
Cultivate A Cyber-Strong Posture With User Awareness Training
Are you ready to transform your weakest Cybersecurity link into your strongest asset? Infinity Technologies are offering a full Cyber Awareness Training package that equips organizations with the abilities that they need to defend against advanced cyber threats at the user level, all included at $395 for the full package.
Our package includes training, quizzes, simulated threats, scoring and improvement monitoring, and trackable policy and procedure acknowledgement, and more. If you’re ready to empower your people to systemically and sustainably lower cyber threat risks, get in touch with us today.
Defending Against Phishing Attacks With User Awareness: The Basics
With 96% of phishing attacks occurring via email and an average data breach costing organizations $3.92mn, it is crucial to empower users to be able to defend against cyber threats that target them. Here are some key ways to do this for organizations seeking to make a start on implementing Cybersecurity best practices at the user level:
MFA
Implementing Multi-Factor Authentication (MFA) across the board, adds multiple layers of access-security. Aside from a login to your network’s resources, another method such as receiving a verification text to a trusted device with a login code, can be used to ensure threat actors cannot access your network, even if they have the login details of a user.
Password updates
Of course, enforcing the regular updating of passwords enables a continual refreshment of your login details and access point security. Keeping these passwords strong is also key, as a number of attacks will use tools that try to ‘crack’ passcodes using algorithms. MFA in combination with password updates helps you to ensure that aside from human error, threat actors will not be able to access your network by using some employee data and login details alone.
Use work devices for work only
As a best practice, keeping work on work devices is a helpful measure that prevents often breaches of your network. Ensuring users are on the same page about this can go a long way from preventing cyber threats from creeping into your network devices and beyond.
Alongside this, be clear with your staff about the potential threats of accessing unauthorized websites, devices (including IoT devices) and software via their work device, which can also compromise security.
Phishing sanity check
Here is a simple best practice for your users to help them to keep your network protected from phishing attacks:
-
- Check the sender: does the sender address and message reflect the person who is sending the email? Is the signature correct? Check in with your gut feeling about the email.
-
- Grammar check: many phishing emails have poor spelling and grammar, check this to look for signs of phishing.
-
- Impact check: is the message appearing to be urgent and trying to motivate you to take a potentially sensitive action quickly? This can be a sign of a phishing attack. In any case, you could contact the potentially impersonated person to verify the request.
-
- Attachments: only open attachments if each of the above tests have been passed.
-
- Pro check: call Infinity Technologies if you’re in doubt or wish to be absolutely certain, we will be able to identify the integrity of the email.
Users form a particularly crucial focal point for the security of any organization that supports remote working capabilities. By empowering your users to be savvy against cybersecurity threats, organizations can transform their weakest link into their strongest Cybersecurity asset; giving peace of mind, minimizing threats and ensuring compliance. If you’d like to transform your users into network guardians that protect your organization, take advantage of our limited time Cyber Awareness Training package for just $395 by getting in touch with us today.
Infinity Technologies, the best IT provider in Virginia
Are you ready to take your business to new heights in the dynamic landscapes of Virginia, Fredericksburg, and its surrounding areas?
At Infinity Technologies, we’re dedicated to being your premier technology partner right in the heart of Virginia. Our mission is to empower your team, fortify your data security, and propel your business forward with our proactive Managed IT Services. Since 1996, businesses in Fredericksburg, Virginia, have turned to us for swift, personalized, and efficient IT Support, Cyber Security, and compliance solutions.
If you’re seeking to leverage technology to enhance your security, compliance, productivity, and innovation in Fredericksburg and beyond, connect with Infinity Technologies today. Let’s uncover the vast potential that technology offers for your organization. Reach out to us now and embark on a journey toward boundless success.
