Cybersecurity blog Cybersecurity blog
Quality Security Awareness Training Has Never Been More Important
Facebook Twitter LinkedIn

Quality Security Awareness Training Has Never Been More Important

blank
Guðrún Vaka Helgadóttir
7 min read ∙ May 8, 2020
blank

News, emails and social media posts about Covid-19 will get the most attention these days. Hackers are ready, willing and able to use this to their advantage. This, however, is the right time to use only trusted news outlets and not let fear lead you into falling for online-scams, such as buying surgical masks, vaccines or tests from websites you don‘t know. This is where quality security awareness training comes in.

Woman with red hair in kitchen about to stick a fork into a green toaster. Still from video about quality Cybersecurity awareness training.

Just the other day we got a friendly but unsolicited email from an unknown person with the subject line “Ideas for businesses and employer’s workspace for a coronavirus (covid-19) outbreak avoidance“. The email came with a short message stating that in the attached excel document we’d find directions about spread prevention in the work environment. Needless to say, and due to quality security awareness training, this attachment was not opened. But this is just one of the methods used by cyber criminals during this pandemic.

The Forced Digitization of the Workplace

The Covid-19 pandemic forced many workplaces to digitize over night. We predict that this will have a lasting effect on many workplaces. For most of us work-life has been changed, at least for as long as restrictions due to this pandemic last.

Home office for employee working from home as is the trend during Covid-19. Working from home requires quality security awareness training.

Industries that before this situation had prohibited remote work have been forced to digitize. This includes bankers and aerospace engineers to almost every teacher around the world. Another sectors that has had to digitize even more than before is the health care industry. One of the most vulnerable in the cyber space. The importance of quality security awareness training for these sectors has never been more clear. This is why AwareGO has created ready made quality security awareness training programs for both the finance and health care sectors.

Quality Security Awareness Training While Working From Home

It’s always important to be careful on-line. Now that so many are working from home or simply staying at home the internet has become one of the riskiest places to be. Hackers use our quest for news, information, entertainment and solutions during this pandemic to their advantage. There is no shortage of people who believe in the latest snake oil pitch, want to buy vaccines, tests or protective clothing. Some are simply unaware that just because a URL entails the word “covid“ it might not be an official website with good information.

Phishing email on a computer while working from home. Shows the importance of quality security awareness training

Many of these people are now working from home. At home the behavior is different than at the office and cyber security measures are lacking. Hackers have a better access to these employees than ever before, which poses a great risk for companies. This is a great time for companies to offer quality security awareness training to their employees. And no, we do not mean sending out a phishing simulation!

Hackers Prey On Pandemic Fear

Corona virus-related fraud is up 400%. Hackers are developing websites, apps, and tracking tools that claim to provide real-time information about the virus, promise financial assistance or corona testing kits and treatments. For those anxious for information, it’s easy to be lured to a fraudulent site and fall victim to a cyber attack. People who have received quality security awareness training are less likely to become victims of such scams.

Here are the Biggest Covid-19 Cyber Scams and Hacks We’ve Heard of:

  • A well-established APT group unsuccessfully tried to hack the World Health Organisation (as if they didn’t have enough to deal with). The hackers reportedly used a malicious website that impersonated WHO’s internal email system in an attempt to steal passwords from WHO staff. Kaspersky has reported that similar web infrastructure has been used to target other health care and humanitarian organizations.
  • Hackers have been hijacking home routers and changing their DNS configurations. This is done in order to redirect users to malicious content that’s posing as a WHO alert. Web browsers display a false message urging users to download a COVID-19 information app that then steals their data.
    Hackers are thought to have been able to compromise home routers because their owners left their remote access open or used weak passwords. This highlights the need to secure the home WiFi as one of our security awareness training videos recommends. The video is now part of our ready-made Working from Home training program.
You can watch this and many other cybersecurity training videos on our YouTube channel.
  • There seem to be no lengths hackers won’t go to during this Covid-19 crisis. At the end of March 2020 they launched a cyber attack on the Italian social security website. They forced it to shut down temporarily as the most vulnerable in society were starting their claims for a meager crisis payout from the Italian government. The hackers are thought to have exploited a weakness or flaw in the web application. They then launched a DdoS attack. If this is a professional cyber gang they might continue their efforts in the hope of getting a ransom for stopping.
  • Hackers have reportedly also attacked a vaccine test center. The ransomware attack was performed by Maze, a leading cyber-crime gang that, days before, pledged not to attack healthcare and medical targets. Guess you can’t even trust criminals these days. Although the attack was repelled with no downtime for the Hammersmith Medicines Research facility the Maze group did get away with some patient records and has already published some of them online.
  • Health care workers have also been targeted in a ransomware campaign that used Corona-virus as bait. This new and dangerous Windows ransomware attack, also known as NetWalker, starts with a general phishing attack. It has been targeted towards people working in the healthcare sector.
  • In more positive news: Emsisoft is offering to help hospitals and healthcare providers hit by ransomware free of charge.

And this is just the tip of the cyber iceberg. On an individual level people are being scammed left and right. For instance with promises of divine cure in exchange for donations, sold out protective equipment, Covid-19 tests, vaccines and even hand sanitizers.

Quality Security Awareness Training to Combat Disinformation

Over 2000 new phishing domains have been set up over the past month to capitalize on the surging demand for Zoom from home workers, according to new data from BrandShield. Over 100,000 domains have been registered with covid, virus and corona. They can for example be used for phishing attacks with social engineering methods playing on the fear of people or their wish to find a vaccine or for ransomware attacks against hospitals.

Secure online meetings were in demand after the Covid-19 pandemic began.

And then there is the dangerous spread of disinformation. Upon reviewing phishing attempts since the beginning of this year, there is a rising number of attackers, impersonating news outlets or journalists. For example, attackers impersonate a journalist to seed false stories with other reporters to spread disinformation. In 2019, one in five accounts that received a warning was targeted multiple times by attackers. If at first the attacker does not succeed, they’ll try again using a different method or account.

The list goes on and there obviously is no bottom as to how low cyber criminals will go for money.

Two people seen from behind looking at computer screens with ransomware messages. Avoiding ransomware attacks is one of the main goals of any quality security awareness training.

Boost Your Quality Security Awareness Training Efforts During Trying Times

While us normal folks hang back, stay indoors and work from home, let’s not forget about cyber security. Follow our tips on security awareness while working from home. Remote work has been on the rise for years and after Covid-19 the trend is here to stay. No matter how much our bosses might want us to return to the office.

Stay Safe!

P.S. Are you an MSP or MSSP? Offer your clients the highest quality security awareness training available. Check out our partner program.

Join AwareGO as a partner

Are you an MSP or an MSSP? Offer your clients the highest quality security awareness training, Human Risk Assessment and the simplest training platform available through our partner program.

blank
blank
Guðrún Vaka Helgadóttir
7 min read ∙ May 8, 2020

Become cyber secure

You and your employees are going to love AwareGO. It’s a modern, cloud-based system for managing human risk, from assessment to remediation. We’ve made it super easy — schedule your first assessment or training in minutes.

Get started for free and give it a go right now.

You’ll love the way AwareGO can fit into your existing infrastructure. Our robust APIs, widgets, and content available in SCORM format make sure that the integration is seamless. We also integrate with Active Directory, Google Workspace, and popular tools like Slack and Teams.

Contact us and our experts will recommend the best way to integrate.

Upgrade your cybersecurity business by adding human risk management to your existing portfolio of services. Increase your deal size by leveraging Human Risk Assessment or offering Security Awareness Training to your current customers and creating a new revenue stream.

Contact us to become an AwareGO partner, and we will support you every step of the way.

Join top companies worldwide in the mission to make workplaces cyber-safe

Get started free
blank blank blank blank blank blank blank blank blank blank