As an organization’s security awareness grows, it’s important to know what cybersecurity tactics to communicate to the workforce during these unprecedented times. As security professionals, it is important to keep the communications calm, simple and actionable.
With recent events in the news, there have been many questions and concerns. One of those may be about cybersecurity. We don’t have all the answers, nor do we know what will happen next. However, we do know from a cybersecurity perspective. Continued focus on fundamentals is key to protecting both yourself at home and at work. While the sense of urgency may have changed, how cyberattackers target us has not. Those key fundamentals are as follows:
- Phishing: Phishing and related scams are when cyberattackers attempt to trick or fool you into doing something you should not do. Often these scams are sent as emails, but they can also try to trick with you text messaging, phone calls or on social media. Anytime someone is creating a tremendous sense of urgency and rushing you to take an action, or someone is promoting an offer that is too good to be true, this is most likely an attack.
- Passwords: Strong passwords are the key to protecting your online, digital life. Make sure each of your accounts is protected by a unique, long password. The longer your password the better. To keep it simple, use passphrases, a type of password made up multiple words like “honey-butter-happy”. It is recommended that you use a password manager to securely store all your passwords. Whenever possible, enable Multi-Factor Authentication (MFA) on your important accounts.
- Updating: Keep computers, devices and apps updated and current by enabling automatic updating on all devices. Threat actors are constantly looking for new vulnerabilities in the devices and software. Keeping them automatically updated makes sure these known weaknesses are fixed and your devices have the latest security features.
In addition, there is going to be a large amount of false information spread on the Internet. This is being done by the Russian government to confuse people. Do not trust or rely on information from new, unknown or random social media accounts. Many accounts on these sites were created for the purpose of putting out fake information. Instead, follow only well-known trusted news sources who verify the authenticity of information before they broadcast it. Finally, if you wish to donate to any causes in support of recent events, once again make sure you are donating to a well-known, trusted charity. There will be many scams attempting to trick people into donating to fake charities ran by cyber criminals.
We know that times like these can feel a bit scary, but we also wanted to let you know you will be fine. Continue to focus on the fundamentals as we have taught you, and you will go a long way to protecting yourself, no matter who the cyberattacker is.
Savvy threat actors are going to try their best to capitalize upon the anxiety, fear, and emotion many of us will be dealing with during uncertain times. Prompt and clear communication on cybersecurity tactics is a key first step to navigating through these situations safely.
– This originally appeared on SANS Institute’s website. SANS Institute is a CFE Media and Technology content partner.