Why awareness training is more important than ever

When spear-phishing and ransomware get into the mainstream media, perhaps people across the country will take awareness training more seriously.

That’s the hope after CBC News reported this morning that Canadian companies are victims of an increasing number of sophisticated cyber scams. There are no numbers cited, in part because no central agency collects reports from police and financial institutions. And due to under-reporting, authorities probably don’t know the half of it.

CBC quoted an unidentified woman who worked for an investment company and fell for a scam email, purportedly from a co-worker, with a voicemail attachment. The attachment was ransomware that froze her computer and demanded $600 or files would be destroyed. Presumably the files weren’t backed up because the company paid.

There are two vital lessons in all this: First, victim organizations shouldn’t have to pay extortion if they have proper backup procedures. That means CISOs have to understand their organization’s business processes to see which people and systems are vulnerable. Second, all employees need regular awareness training to treat email as if it is a hot stove — use it, but slowly.

Staff, particularly those in IT and sensitive managerial positions where they alone have the authority to forward money without a counter-signature, have to understand that email and voice communications must be examined carefully before opening attachments or following instructions. This means regular (more than once a year) awareness training.

Want to get an early start? Earlier in the year Intel Security circulated this quiz, which should be passed around to help people learn what to look for and whether their skills are up to the task. The graphic below offers some pointers, and below that are eight do’s and don’ts.

 

 

Do:

– Keep your security software and browsers up to date

– Hover over links to identify obvious fakes

– Take your time and inspect e-mails for obvious red flags (e.g. misspelled words, incorrect URL domains, unprofessional and suspicious visuals)

– Instead of clicking on a link provided in an e-mail, visit the website of the company that allegedly sent the e-mail

Don’t:

– Click on any links in an e-mail sent from unknown or suspicious senders

– Send an e-mail that looks suspicious to friends or family as this could spread a phishing attack to unsuspecting loved ones

– Download content that your browser or security software alerts you may be malicious

– Give away personal information like your credit card number, home address, or social security number, to a site or e-mail address you think may be suspicious

 

Howard Solomon
Currently a freelance writer, I'm the former editor of ITWorldCanada.com and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including ITBusiness.ca and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times. I can be reached at hsolomon [@] soloreporter.com
