The Covid-19 outbreak has given rise to an increase in the number of state-sponsored cyber attacks, as companies have more employees work from home.
According to a joint alert from the Department of Homeland Security (DHS) and the Cybersecurity and Infrastructure Security Agency (CISA) in the United States, and the UK’s National Cyber Security Centre (NCSC), combating such attacks often relies exclusively on users being able to spot phishing emails.
Colin Tankard, Managing Director of cyber security company Digital Pathways, says: “One of the first lines of defence to prevent such attacks, is the training of employees into recognising exactly what a phishing attack is.
“Once an employee understands the look and feel of a phishing attack, the more they are able to report and delete them, as opposed to clicking on bogus links and opening up, both themselves and their employers, to a hack.
“There are really good, simple to roll out, systems for training available now. KnowBe4 is one that offers an enterprise awareness-training programme. It uses baseline testing using mock attacks, engaging interactive web-based training, and continuous assessment through simulated phishing, vishing and smishing attacks, to build a more resilient and secure organisation.”
The DHS, CISA and NCSC further advise organisations to widen their defences to include more technical measures that can improve resilience against phishing attacks, including:
1. Make it difficult for attackers to reach your users
2. Protect your organisation from the effects of undetected phishing emails
3. Respond quickly to incidents
4. Plan for a percentage of phishing attacks to be successful. Planning for these incidents will help minimise the damage caused.
Further guidance was provided for users of communication platforms, such as Zoom and Microsoft Teams.
1. Do not make meetings public. Instead, require a meeting password or use the waiting room feature and control the admittance of guests
2. Do not share a link to a meeting on an unrestricted publicly available social media post. Provide the link directly to specific people
3. Manage screen-sharing options. Change screen sharing to “Host Only”
4. Ensure users are using the updated version of remote access/meeting applications
5. Ensure telework policies address requirements for physical and information security.
Tankard adds: “Home working can cause a big problem to organisations, as they are unable to provide the quality of cyber security systems that run as standard to home workers, many of whom are using their own personal devices. Therefore, being able to train employees remotely is a huge tool in their cyber defence arsenal and one that should be implemented urgently to help limit any potential breach.”