[Updated] Last year, I was going to write an article about being squeezed up next to somebody else on an airplane and how easy it was to see everything they were doing on their computer. As a security awareness trainer, I was curious about what a bad actor might be able to discover and take advantage of in such a situation. It was enough that I could have put together an extremely well-targeted spear phish directly to that executive!
Now, times have changed. Most of us probably have no need for a privacy screen on a computer! But we all know these times have their own challenges and are just as acute. Today, you’re facing three questions.
- What threats does your organization face in the current environment?
- What does your staff need to know to work securely from home?
- How can you provide that learning?
Beware of quishing
Be cautious of the emerging phishing technique called “quishing.” Cybercriminals are now exploiting QR codes to deceive people into revealing sensitive information or downloading malware. Unlike traditional phishing attacks, quishing uses QR codes to direct victims to fraudulent websites.
The popularity of QR codes in various activities, such as linking to ads, commercial tracking, and augmented reality systems, has given scammers an advantage. QR codes hide the actual destination, making it easy for fraudsters to trick unsuspecting individuals by simply scanning the code.
Stay vigilant and educate yourself about this new threat to protect your personal data and your remote team. To learn more about the latest phishing scams, refer to the article “Catches of the Month: Phishing Scams for July 2023” here.
Secure online meetings
Online meetings are now the norm, with reports of up to a 500% increase in the use of Microsoft Teams Meetings. And not only are your employees working from home. They may be exchanging information over networks shared by family members or the public.
GoToMeeting, Microsoft Teams, Skype for Business, Zoom, or whatever solution your organization uses, you need your users to be familiar with all of your company’s security tools and how to use them. You can also provide recommendations on joining meetings external to your organization. A single link distributed publicly is an invitation to have unknown participants join a meeting and share malware links, yell profanity, or display racist or pornographic material.
Employees also have a tech stack at home, including routers, WIFI, and data providers. And it’s probably been set up at lower security standards than you would accept at work.
Online meeting safety requires user education for employees. Creating real security means training programs on tools, or at least best practice guides for common tasks. In addition, employees need instructions or a checklist for making their home technology as secure as possible.
Simplify cyber security training
As a learning initiative, then, to protect your data and your customers, you need:
- A base–level security training that educates employees on fundamental precautions they should take while working at home.
- Information on phishing scams.
- Checklists or reminders on setting up safety precautions at home.
In the scramble to share critical knowledge with your staff, the easiest solution may be to write content to publish internally and possibly follow that up with an email.
It’s critical that employees take notice and take your materials seriously. And, to make it stick, you’ll need to follow that up with additional learning opportunities.
Educational content with interactive materials and small chunks of information over time is one of the most effective delivery mechanisms. Customizing content to your organization and job roles, making it more relevant and accessible to learners, is even more impactful.
That may seem like a tough prescription, particularly in the midst of the upset of moving employees and business processes.
If you’d like help, Kalles Group is here for you.
Talk to us for comprehensive security training, including a phishing risk test, to assess your vulnerability and strengthen your ability to detect phishing threats across all your endpoints. We’ve partnered with InfoSec Institute to provide a complete security kit for remote employees, ensuring your workforce is well-prepared against cyber threats.