What will stop COVID-19 cyber attacks? Technology and education

Has your business had the ‘split tunnelling’ debate? When you have a lot of your team working remotely there’s a tradeoff to be made between availability (using up all that valuable remote access bandwidth) and operational risk (staff download malicious stuff)  which can be mitigated by training and awareness campaigns…:

[…] Wavelink managing director Ilan Rubin says, “Technology can only go so far to protect an organisation against attack in such chaotic and challenging times. With more employees working outside the corporate firewall for perhaps the first time, businesses need to be more vigilant than ever in making sure these employees understand the importance of basic security hygiene.

“This includes never opening attachments from someone they don’t know and always treating emails from unrecognised senders with an abundance of caution.”

When it comes to specific employee training, Rubin says, “Employees should be trained to be sceptical of instructions in emails, text messages, or even phone calls that require them to click on a link, open an attachment, provide login details, or transfer funds. If in doubt, users should contact their IT or information security department to verify if an email is legitimate.”

Rubin says this is a crucial time for organisations to up their security game.

He says, “Right now there are so many legitimate pieces of communication regarding COVID-19 that it’s very easy to slip in some phishing emails and other fake communications. This has created a significant vulnerability that attackers have been quick to exploit.

[…]

Original article here