The world we live in is in a complete state of disarray. People are struggling on multiple fronts and trying now more than ever to balance priorities. We are worried about our health, our jobs, our families. Everything seems more real, or maybe more surreal, now than ever before. We are distracted by media and news. We try to sort out the facts from the hype. It is in these times that we are more vulnerable and more susceptible, and the bad guys are going to prey on that.
They will prey on our fears and doubts about this virus that is devastating the world. There will be messages purporting to be from the Center for Disease Control (CDC) and The World Health Organization (WHO), requests for charitable donations, sales pitches for medical equipment that can keep your family safe. But how do we sort through the plethora of information that is inundating our inboxes, websites, and advertisements? How do we train ourselves and our workers to identify the good from the bad, the truth from the lies, the safe from the malicious?
Similar to the basic physical hygiene messages that are being preached to the public, we must do the same for the basic hygiene of our online presence. So instead of messages like “wash your hands”, “don’t touch your face” and “stay at home”, we must preach “don’t click on suspicious links”, “don’t provide personal information”, “don’t download software from untrusted sites”. Hopefully, these are NOT new messages for your workforce. These are messages that everyone should have heard repeatedly from your organization’s security training and awareness program. Our workers MUST be educated to know the signs and traps that attackers use to lure them in.
It is sad that our society will look to victimize people when they are most vulnerable, you know, the FUD factor. Let’s capitalize on everyone’s ‘fear, uncertainty and doubt’. One of our jobs as cyber security professionals is to prepare our workforce. Despite technical controls being in place, human behavior will always prevail. The goal for that behavior is positive outcomes, not negative outcomes. Our people need to be our STRONGEST, not our WEAKEST link.
How do you make your people your organization’s strongest link? You educate them. You educate them frequently and transparently. If you only train your workforce annually, it’s time to step up your game. Make it personal – share real examples. Reinforce that they need to keep your organization safe and their families safe. Hold them accountable. The last thing any of us need to be dealing with right now is someone clicking on a link that downloads ransomware and puts our business information and operations at risk, at an already stressful time when we are trying to keep our business running through an unprecedented global pandemic.