The importance of security awareness for remote workers has been further emphasised of late, as there have never been more people working from home than there are now during the COVID-19 pandemic.
Sadly, remote workers are now being actively targeted by hackers who see them as providing an easy way to obtain access to their corporate networks to steal sensitive data, and install malware and ransomware.
Companies may have already given their staff security awareness training to make them aware of the risks they are likely to come across and to teach them how to recognize threats and respond. However, working from home introduces many more risks, and those risks may not have been covered in security awareness training sessions designed for protecting office workers. It is also important to conduct training regularly and to reinforce that training. This is especially important for remote workers, as risk grows when employees are working remotely.
Better Security Awareness for Remote Workers Necessary as COVID-19 Crisis Worsens
Naturally, as an email security solution provider, we strongly advise the use of a strong email security solution and layered technical defenses to safeguard against phishing, but technical measures, while effective, will not stop all threats from reaching inboxes. It is all too easy to place too much reliance on technical security solutions for safeguarding email environments and work computers. The truth is that even with the best possible email security defenses configured, some threats will end up reaching inboxes.
The importance of providing security awareness training to the workforce and the benefits of doing so have been highlighted by many studies. One benchmarking study, conducted by the security awareness training provider KnowBe4, showed that 37.9% of employees are tricked by phishing tests if they are not provided with security awareness and social engineering training. That figure has grown by 8.3% from the previous year. With security awareness training and phishing email simulations, the figure fell to 14.1% after 90 days.
During the COVID-19 pandemic, the number of phishing emails being sent has grown significantly and campaigns are being conducted targeting remote workers. The focus of the phishing campaigns is to obtain login credentials to email accounts, VPNs, and SaaS platforms and to distribute malware and ransomware.
With so many staff now working from home, the speed at which firms have had to transition from a largely office-based workforce to having virtually everyone working from home may have resulted in security awareness training for remote workers being put on the long finger. However, with the lockdown likely to go on for several months and attacks on the rise, it is important to make sure that training is conducted, and as soon as possible.
More COVID-19 Domain Registrations and Rise in Web-Based Attacks
Security awareness training for remote workers should also incorporate internet security, as not all threats will arrive in inboxes. Most phishing attacks have a web-based component, and malicious websites are being created for drive-by malware downloads. At present, the vast majority of threats are using COVID-19 and the Novel Coronavirus as bait to get remote workers to install malware or ransomware, or to part with their login credentials.
Unsurprisingly, hackers have increased web-based attacks, which are being conducted using a plethora of COVID-19 and Novel-Coronavirus themed domains. By the end of March, around 42,000 domains related to COVID-19 and coronavirus had been set up. A review by Check Point Research showed those domains were 50% more likely to be malicious than other domains registered over the same period of time.
It is important to increase awareness of the dangers of using corporate laptops for personal use such as browsing the Internet. Steps should also be taken to restrict the websites that can be accessed by employees and, at the very least, a solution should be implemented and configured to prevent access to known malicious websites that are used for phishing, fraud, and malware distribution.
Shadow IT is a Major Security Danger
When employees are office based and logged on to the network, identifying shadow IT (unauthorized software and hardware used by employees) is easier. When employees work from home, not only does shadow IT become harder to identify, but the risk of unauthorized software being installed onto corporate-issued devices also increases.
Software installed on work computers carries a risk of a malware infection and potentially offers an easy way to attack the user’s device and the corporate network. IT teams will have little knowledge of unauthorized software on users’ devices, or of whether it is running the most recent version and has been patched against known flaws. It is important to cover shadow IT in security awareness training for remote workers and to make it clear that no software should be downloaded to work devices and that personal USB devices should not be used on corporate devices without the go-ahead from the IT department.
The COVID-19 pandemic has seen many workers turn to teleconferencing software to communicate with the office, friends, and family. One of the most popular teleconferencing platforms is Zoom. Malicious installers have been identified that install the genuine Zoom client but have been bundled with malware. Installers have been discovered that also install adware, Remote Access Trojans, and Coinminers.
How TitanHQ Can Be Used
Many security awareness training firms, such as the SANS Institute, have made resources available to businesses free of charge during the COVID-19 crisis to help them educate the workforce. Take advantage of these resources and share them with your workforce. If you are a small SMB, you may also be able to get access to free phishing simulation emails to test the workforce and reinforce training.
TitanHQ can’t help you with your cybersecurity awareness training, but we can help by seeing to it that employees have to deal with fewer threats by protecting against email and web-based attacks.
SpamTitan is an advanced and powerful cloud-based email security solution that will safeguard remote workers from phishing, spear phishing, malware, virus, and ransomware attacks by blocking attacks at source and stopping the threats from reaching inboxes. SpamTitan features dual anti-virus engines to safeguard against known malware threats and sandboxing to block unknown (zero-day) malware threats. SpamTitan incorporates many real-time threat intelligence feeds to block current and emerging phishing attacks, and machine learning technology detects and blocks previously unseen phishing threats. SpamTitan has been designed to work seamlessly with Office 365 to allow businesses to set up layered defenses, augmenting Microsoft’s protections and adding advanced threat detection and blocking capabilities.
WebTitan is a DNS filtering solution that will safeguard all workers from web-based attacks, no matter where they access the internet. WebTitan uses zero-minute threat intelligence and blocks malicious domains and webpages as soon as they are discovered. The solution can also be used to carefully manage the types of websites that remote workers can access on their corporate-owned devices, via keyword and category-based controls. WebTitan can also be set up to block the downloading of malicious files and software installers to manage shadow IT.
For more details on protecting your business during the COVID-19 crisis, to set up a product demonstration of SpamTitan and/or WebTitan, or to register for a free trial of either solution so you can start protecting against email and web-based dangers right away, get in touch with TitanHQ now!