Already we’re entering the festive period of 2020 and what a year it has been, albeit for different reasons to what we’re used to experiencing. In the world of cybercrime, Christmas is often the most prevalent time of year for cyber attacks on organisations, and suffering a breach, especially at this time, is something every organisation should want to avoid.
We’ve put together our top 4 Reasons why Cyber Security Training is more important than ever this Christmas.
1. Remote Working
2. Digital Fatigue and ‘Burning the Candle at Both Ends’
3. Surge in Online Shopping
4. ‘Panic’ Clicking
The word ‘unprecedented’ has dominated our vocabularies this year as it describes many of the events we have experienced. It certainly describes what has happened within the cybercrime industry. In March, cybercrime rates increased by 667% and since then, attacks have largely been focused around the global pandemic. Never before have organisations seen this volume of phishing and social engineering attacks taking place.
Cyber security training is seen as one of the best investments an organisation can make to protect themselves and their employees from cybercrime. In this year’s Cyber Breaches Survey, we learned that training employees around cybercrime was the most common action taken by businesses and charities who previously suffered a breach.
Let’s take a look at why cyber security training is important, specifically for Christmas this year.
Remote Working Isolates Your Employees
The shift to home working was very much sprung onto us earlier in the year, meaning organisations who weren’t already prepared had very little time to do so. Since then, organisations have had more time to adapt working practices and logistics to make remote working a more effective and comfortable task for their employees.
What cannot be controlled however is the fact that remote working isolates your employees, meaning that your organisation relies on their individual skills and experience in identifying suspicious e-mails, websites, and phone calls. Without a good level of security awareness across the workforce, organisations are much more susceptible to suffering a breach.
We’ve seen first-hand evidence of how employees behave and react to a phishing attack through the thousands of ‘Baseline Phishing Tests’ we have run as part of our leading Security Awareness Training and Testing service. In most cases, 40-70% of staff will click the malicious link in our simulated phishing e-mails within the first minute of receipt. Following this, word spreads through close-knit office spaces and we see a massive drop-off of interaction with the e-mail. When employees work remotely, this crucial step of quick, reactive communication that protects the organisation is lost. The only way to minimise the risk of suffering a breach due to an isolated and widespread workforce is by providing cyber security training and regular testing.
Security Awareness Training and Testing (SATT) provides comprehensive, online training to all employees and keeps you updated with those who are interacting with simulated phishing attacks. Additional support is provided to those who need it, meaning that your entire workforce shares a high level of awareness and vigilance towards cybercrime.
Burning the Candle at Both Ends
Holidays are important and this year, many of us have not been able to take enough regular breaks from work. One may think that by more regularly checking e-mails or taking phone calls, you are more likely to spot suspicious activity. Well, it is actually quite the opposite.
When cybercriminals target attacks towards organisations, they try to make their approaches feel as natural as possible, and subsequently, when you are in a flow of constant work, it is much easier to gloss over and process requests, missing red flags.
Working for lengthy periods of time combined with an increase in digital fatigue means that your employee’s vigilance towards cyber attacks is likely to have lowered if cyber security is not kept front-of-mind.
Online Shopping Set to Replace High-Streets for Many this Year
One of the main reasons cybercrime rates increase around the festive period is due to the surge in online shopping. Traditions such as ‘Black Friday’, ‘Cyber Monday’ and Christmas shopping are flipped every year by cybercriminals to create believable attacks centered around false or declined payments, refunds, and special offers to trick people into revealing payment card details and other sensitive information.
This year, in particular, stores are expecting a significant increase in online sales. Cybercriminals know this and the amount of e-commerce based attacks in circulation could be more than ever.
An example might be a phishing e-mail where cybercriminals impersonate ‘Amazon’ to let you know that your latest payment was declined and needs to be made again. The e-mail could appear genuine, however, the webpage where you update your card details could link straight back to the cybercriminals.
Cyber attacks that affect employees personally can also be dangerous to your organisation depending on the information that is stolen and the level of access they have into your network. By providing cyber security training to your employees, you are not only protecting your organisation but are also helping staff in their personal lives, making them much less likely to fall victim to identity theft or fraud.
In difficult times such as these, it is much more likely for people to be ‘panicked’ into clicking links or taking action on the back of a suspicious e-mail, phone call or request. This is especially the case when attacks are focused around the pandemic. Cybercriminals know what gets people clicking, and under current circumstances, this includes false developments in vaccine trials, new restrictions or government guidelines for the local area, or in a business sense, false orders of high value.
This particular attack is the most dangerous to your organisation. False order or invoice attacks have been around for years and now hold much more weight due to the economic impacts of the pandemic. Receiving an e-mail out of the blue for a high-value order of your products or services can sometimes be too good to be true and should be treated very carefully.
With many more of these attacks in circulation, the impact of being panicked into interacting with an attack set out to steal finances could be catastrophic.
As we enter the festive period, we highly recommend that you consider cyber security training for your staff if you have not already. Training employees and keeping them vigilant towards cybercrime is the best way to protect your organisation and stop security incidents from happening.
For more information on how we can help, see our Security Awareness Training and Testing service.
We also provide a free course specifically focused on attacks born out of the Coronavirus pandemic. Request the course for your organisation here.