The Dilemma: Should you phish test during the COVID-19 pandemic?

03/04/2020

By Perry Carpenter

Perry Carpenter – KnowBe4 Chief Evangelist and Strategy

There’s no question, these are challenging times. Employees and organizations around the world are doing their best to keep everyone safe and settle into a new normal for accomplishing work from home. Tensions are high, and fear and uncertainty abound. No one wants to add more stress to an already stressful situation.

Over the past week or so, I’ve seen a few social media postings and had a few discussions with people who believe that organizations should not phish test users during this time.

They feel that the best way to practice “socially responsible awareness training” is to provide simple information-based awareness training and abstain from phish testing. Thoughts like this may be well-intended; but I believe that they are wrong.

So, it is super-important to keep our end-users on their toes. In fact, because cybercriminals are in a COVID-19 feeding frenzy, I’ll be bold enough to say that *not* conducting phishing training during this time amounts to negligence. Cybercriminals prey on stress, distraction, urgency, curiosity, and fear. And they are bringing that full force against your end-users and your organization.

That being said, I totally understand where people are coming from when they feel hesitant to phish test users during this time. Organizations don’t want to add additional stress to their people. They are afraid that they may make employees feel confused or alienated. Totally understandable… and totally addressable. The key factors: your tone and your process.

Tone

I’ll address tone first because I believe it is the single most important piece to getting this right. I’ve outlined the critical importance of tone before on webinars, in conference sessions, and in my book. But, because tone is so much easier to feel than to describe, I’ll use a video example.

This is from a COVID-19 awareness project that I kicked off specifically to help security awareness leaders conduct critical phish testing in a way that feels caring and compassionate. Have a look and hopefully you’ll get a feel for what I mean. This is a pre-campaign message for customers to send to their end-users.

There are a few key aspects that resonate through the videos in this series. In essence, those come down to:

• Open with compassion and understanding: Things are new and different. We get it.

• Explain the situation: The COVID-19 situation opens up new work-from-home risks and cybercriminals are taking advantage of it.

• Outline our responsibility: As a result, we all need to be more vigilant.

• Say what we are doing: One of the ways we plan to do that is to send out simulated phishing tests.

• Describe the intended outcome: The intent isn’t to trick anyone, shame anyone, or so on. It is to help us build secure reflexes.

• Provide advice and direction: Cybercriminals are relying on distraction, stress, and panic. So, anytime you see anything related to COVID-19 in your inbox, always evaluate it with a sense of skepticism. Report suspected phish.

• Close with a sense of community: “Keep Calm and Don’t Click. We’re all in this together.”

Process

The other key factor that you need to think about is process. Because we’ve entered a ‘new normal,’ you should send out a fresh message to your users letting them know that cybercriminals are having a heyday with COVID-19. And because of this, you are going to help prepare your people for what’s coming.

In essence, your process should be the following:

• Warn your people about the scams: Provide timely information about how cybercriminals are using this stressful time to their advantage.

• Tell them that you are going to help prepare them by sending COVID-19 and other simulations. If you are a KnowBe4 customer, you can use the pre-campaign video from the series I described above. If not, you can create your own message based on the formula that I outlined. Remember: tone is key!

• Ramp up testing to increase vigilance.

• Consider using a failure landing page with a video that explains how cybercriminals are using COVID-19 right now to capitalize on the situation. This needs to be encouraging. If you are a KnowBe4 customer, you can use the post-click video from the series I described above. If not, you can create your own message based on the formula I outlined. A key message here is something like:

Oops, you clicked… Don’t worry, this wasn’t a real phishing email. You’re safe and our organization is safe. But beware, cybercriminals are using all of the news, panic, and disorientation around COVID-19 as a way to trick people into clicking on malicious links, opening sketchy attachments, accidentally giving away login/password info, and more. Your job is to be super-skeptical of any email that evokes strong emotion (fear, urgency, and so on)… especially if the email is related to COVID-19.

• Reinforce vigilance with consistent, encouraging messaging (e.g. “Keep Calm and Don’t Click. We’re all in this together.”).

Conclusion

I hope this was helpful for you. When you engage your employees with the right message and tone, there is nothing to fear; and they will feel a sense of pride in helping protect the organization. That’s all for now. “Keep Calm and Don’t Click. We’re all in this together.”

For KnowBe4 customers, we have a full campaign ready for you. It consists of a video for the KnowBe4 Platform Admin, one video to announce the campaign to your users, and a video that lives on the landing page after they click on your COVID simulated phishing test. If you have any questions about how to set up this campaign, call your CSM and they will get you going.

Source: KnowBe4
