The current crisis has forced all of us to make changes that we otherwise wouldn’t have made. The upside, however, is that some of these changes may end up benefiting us well beyond the pandemic. One area that desperately needs this change is our view of cyber awareness — whether in remote environments or at the office. One report found that 91% of IT leaders simply trusted their employees to maintain safe security practices while working at home. This trust, it turns out, is misplaced, with 48% of employees saying that they are less likely to follow security practices at home. The bottom line is, if organizations want their employees to take cyber awareness in remote environments more seriously, they need to find a new way to help their employees create lasting behavior change.
Working from home creates unique challenges for their employees. They’re distracted, they’re doing their work on their personal devices, and they don’t have co-workers and managers there to motivate them. To build better cyber awareness while working from home, organizations should therefore focus on creating “micro-moments.” These micro-moments are small opportunities that contain four key elements:
Frequent and consistent
Involve positive reinforcement
By combing these elements, micro-moments sensitize employees to thinking about cyber awareness in their daily work, motivate them to continue learning, and keep them from thinking about cyber awareness as a burden or something that takes away their ability to get work done.
We know this works because it is the very foundation of Designed Privacy’s cyber awareness program, The PhishMarket™. The program combines phish simulations, daily micro-lessons, and detailed reporting to create behavior change that employee want to maintain. A study of The PhishMarket™ conducted by Stanford’s Peace Innovation Lab found that our program resulted in a 30% reduction in overall phish susceptibility in just four weeks, and 70% of participants said they would do the program again.
By incorporating a new a new type of cyber awareness training that focuses on creating micro-moments, organizations can help their employees create lasting behavior change, and the trust IT leaders have in their employees won’t be as misplaced as before.
A hacker got into your system, but you spot the problem before the hacker has a chance to carry out an attack. Best case scenario, right? Well, it all depends on what you do next. The government of Florence, Alabama found themselves in this exact situation, but their response is now costing them nearly $300,000. Here’s what happened:
In late May, cybersecurity report Brian Krebs received a tip that hackers known for ransomware attacked gained access to Florence’s IT system. Krebs made numerous attempts to contact city officials before finally receiving a voicemail thanking him for the tip and telling him that the city took care of the issue. However, on June 5th the city announced that a ransomware attack shut down the city’s email system. The city plans on paying the hackers the nearly $300,000 ransom to restore their system.
So, what went wrong? According to city officials, when the attack hit, the IT department was in the middle of securing approval for funds to investigate and stop the attack. Local governments are often slow to act, to be sure, but officials knew about the hacker 10 days before the attack and they still weren’t prepared. The bottom line is, given the rise in ransomware attacks on public institutions, Florence officials needed to have a detailed plan in place before an attack took place. Instead, they scrambled. And, to add insult to injury, hackers accessed to the city’s systems by stealing the Florence IT manager’s credentials through a phishing attack.
How to Beat the Hackers
So, what should you do if you know you’ve been hacked but haven’t yet been attacked? Here are just a few steps you can take:
1. Have a Plan in Place
One of the main reasons Florence was slow to act is because they waited until after the hack to figure out a game plan. Instead, the city needed to have a detailed incident response plan in place. This involves first identifying what types of attacks you are most vulnerable to. Then, you need to create a detailed step-by-step response for each type of attack, and create a team of employees responsible for carrying out each of the steps. You also need to ensure you have contingency funds readily availble to carry out the plan quickly. Finally, it is important to simulate each type of attack so that the team can practice carrying out their response. Overall, the goal of an incident response plan is to deal with potential attacks as quickly and efficiently as possible.
2. Shut Down and Isolate Infected Systems
In order to keep the hackers from accessing other systems, it is important to shut down and isolate infected systems and any devices connected to it. Remove the system from your network. Disconnect the system’s wireless and bluetooth capabilities. Any devices previously connected to the infected systems should be shut down and removed from the network. Along with keeping the hack from spreading, this also limits the hacker’s ability to encrypt or damage the infected systems.
3. Secure Your Backups
Having updated and secure backups are especially important for ransomware attacks. If a hacker encrypts your data, having a recent backup of that data could save you from having to pay the ransom. There are two important caveats, however. First, it’s important that you regular test your backups to ensure your data isn’t corrupted in the backup or restoration process. Second, keeping the copies of your backups secure and offline is essential. Otherwise, it is possible for hackers to gain access to your backups and encrypt of remove them from your systems.
4. When in Doubt, Rebuild
The hard truth is, the most reliable way to shut down a hack before an attack is to completely remove the infected systems and rebuild them from scratch. Of course, the time, resources, and personnel required to do this makes it a difficult pill to swallow for many organizations. However, it is the only way to guarantee that a hack is removed from your systems.
The Bottom Line
Spotting a hack before the attack can give you the leg up on the hackers. But, as the ransomware attack on Florence, Alabama makes clear, knowing that someone accessed into your systems is not enough. You need to have a game plan ready to go and carry it out as fast as possible. Using your time and resources to prepare for an attack now will give you piece of mind, and potentially reduce the cost of a hack later.
To provide the best experiences, we use technologies like cookies to store and/or access device information. Consenting to these technologies will allow us to process data such as browsing behavior or unique IDs on this site. Not consenting or withdrawing consent, may adversely affect certain features and functions.
The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.
The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
The technical storage or access that is used exclusively for statistical purposes.The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.