SANS Security Awareness – Top Cybersecurity Risks
According to the SANS Cybersecurity Awareness Month (CAM) Toolkit, the top cybersecurity risks include social engineering, strong passwords and updated systems.
Risk #1: Social Engineering
One of the greatest risks remote workers will face, especially in this time of both dramatic change and an environment of urgency, is social engineering attacks. Social engineering is a psychological attack in which attackers trick or fool their victims into making a mistake, which is made easier during a time of change and confusion. The key is training people on what social engineering is, how to spot the most common indicators of a social engineering attack, and what to do when they spot one. Be sure you do not focus only on email phishing attacks; also cover other methods, including phone calls, texting, social media or fake news. You can find the materials you need to train and reinforce this topic in our Social Engineering Support Materials site. In addition, here are two SANS Security Awareness videos you can link to, once again provided in multiple languages.
• Social Engineering (English) also available in other languages here
• Phishing (English) also available in other languages here
Risk #2: Strong Passwords
As identified in the annual Verizon DBIR, weak passwords continue to be one of the primary drivers for breaches on a global scale. There are four key behaviors to help manage this risk, listed below. You can find the materials you need to train and reinforce this topic and these four key behaviors in our Passwords folder.
• Passphrases (note: both password complexity and password expiration are dead).
• Unique passwords for all accounts
• Password Managers
• MFA (Multi-Factor Authentication), often called Two-Factor Authentication or Two-Step Verification
Risk #3: Updated Systems
The third risk is ensuring any technology your workforce uses is running the latest version of the operating system, applications and mobile apps. For people using personal devices, this may require enabling automatic updating. You can find the materials you need to train and reinforce this topic in the Malware or Creating a Cybersecure Home folders.
Additional topics to consider
• Detection / Response: Do you want people reporting if they believe there has been an incident while working at home? If so, what do you want them to report and when? This is covered in our Hacked materials. For this to be truly effective, ensure you have an easy channel for people to report suspicious activity. This will be especially critical when you have people working remotely.
• Wi-Fi: Securing your Wi-Fi access point. This is covered in the Creating a Cybersecure Home materials. Also, please consider the Creating a Cybersecure Home video (English), also available in other languages here.
• VPNs: What is a VPN and why you should use one. We recommend the OUCH newsletter on VPNs.
• Virtual Conferencing: Top tips for both attending and hosting a virtual conference.