As 2020 has created a flood of worker bees, working from our respective beehives, our homes, so has the influx of cyberattacks, including phishing scams and ransomware attacks. Digital transformation has surged this year, and this increase in online usage has created a perfect breeding ground for cybercriminals.
Earlier this year, businesses raced to move their employees and businesses to a safe and 'remote' office environment. And, the commonly used 'on-prem' solutions were moved to the cloud. That's usually a positive reaction to maintaining a business's profitability during a pandemic, but several IT security oversights can be easily made without care. If companies aren't taking measures to simultaneously adapt their IT and cybersecurity environment to their new remote environment, it can leave them vulnerable to cybercriminals looking for a payday. Cybercriminals will target any cyber vulnerability and creep up in the most used applications and software. Especially those that have been unpatched— causing most of the widespread attacks.
Phishing has been around for decades, and over time, cyber attackers have developed more sophisticated methods of targeting victims. The most common phishing technique is to impersonate a bank or financial institution via email to lure the victim into divulging their account details or login credentials. In the past, misspelled or misleading domain names were often used for this purpose. Today, cyber attackers resort to more creative methods that include realistic links and web pages that closely resemble their legitimate counterparts.
Cybercriminals are even deploying phishing emails while pretending to be healthcare authorities or government officials during a pandemic. With the surge of medical cases, cybercriminals have taken to targeting healthcare providers. Ransomware, denial-of-service (DoS) attacks, and malware attacks are plaguing our hospitals. These attacks show that cybercriminals are always looking to obtain valuable user data that can be sold or misused by the attackers for nefarious purposes, such as extortion, monetary theft, or identity theft. No one is immune.
How can we guard against all this? It is relatively easy. One word: Education. Or in more concrete terms, Cybersecurity Awareness Training. The more education we can share with our employees, the better protected they are. A business's IT infrastructure and security are only as strong as its weakest link. It takes only one employee to open the wrong attachment or the wrong phishing email to topple down the carefully taken measures. When employees understand how phishing works, they can avoid online scams and prevent any social engineering tactics that try to coax personal information over the phone.
Facts & Strategies
FACT: More than 4 out of 10 Canadians (44%) indicated that they had spent more online on technology, including computers, laptops, and tablets, since the onset of the pandemic.
The pandemic did not diminish the volume of cyber incidents. Just over 4 in 10 Canadians (42%) experienced at least one type of cybersecurity incident since the beginning of the pandemic, including phishing attacks, malware, fraud, and hacked accounts.
- Cybersecurity strategy: Some businesses that hold a plethora of confidential customer data require cybersecurity awareness training as a compliance measure.
FACT: As many as 60% of hacked small and medium-sized businesses go out of business after six months.
- Cybersecurity strategy: Insurance companies may require cybersecurity awareness training to be able to qualify for cybersecurity insurance.
FACT: More than 90% of malware gets distributed via email. The global average cost of a data breach is $3.92 million.
- Cybersecurity strategy: To avoid such breaches, compliances such as HIPAA, PCI, SOX, GDPR and CCPA require or strongly encourage training for all employees.
ESET Cybersecurity Awareness Training
ESET researchers and educators have developed an educational online training awareness course - ESET Cybersecurity Awareness Training. Employees who undertake this course can expect to enjoy an engaging learning experience through gamified quizzes, interactive sessions, and role-playing. This comprehensive online course takes under 90 minutes to complete. Some of the key benefits of the ESET Cybersecurity Awareness Training is that it has:
- Up-to-date Interactive Training Scenarios, training videos, and games cover everything employees need to know to keep company data and devices safe.
- Easy-to-use Administrative Tool: User-friendly admin dashboard allows your admin to assign training, conduct phishing simulations, and view training progress and phishing campaigns at a glance.
- Email Reminders: Automatic email reminders to learners to help ensure compliance with your training initiative.
- Phishing Simulator: Reinforce your training by creating realistic phishing attacks via the ESET Phishing Simulator.
- Synchronize your Users: Set up your users by syncing with Active Directory, Office 365, and more, or manage via CSV.
- Certification Test & Certificate of Completion: Download and print ESET's Cybersecurity Awareness Training certificate upon completing training and certification tests.
MSPs and solution providers have no excuse for not adopting cybersecurity measures in today's malicious environment, either. Don't be a statistic. Be proactive. Click here to learn more.
Contact Ingram Micro's Cybersecurity team for pricing.