Over 6 months have passed since many of us moved to a work from home environment, or a new way of working. During this time the IT threat landscape has evolved, so we’d like to update you on how hackers are taking advantage of these changes to access business data and information.
Adon Blackwood: So it seems like we’ve got the numbers rallying up. Thank you for joining this morning’s webinar. We’re going to start by passing the mic over to John who’s going to do a quick intro and then we’ll delve straight into it.
John Saville: Thank you Adon. So, thank you everyone for joining us this morning. My name’s John and I’m the Partnership Manager at Totality Services. I just want to say a huge thank you to Adon for coming on board and delivering this webinar for us this morning. It should be hugely informative.
So, Adon works for Mimecast, and Mimecast have been monitoring how the threat landscape has changed over the last few months through lockdown, and through the changes in terms of working from home. So, I’m going to throw you across to Adon now and he’s going to take you through kind of what they’ve seen as a company, and how we can mitigate against the threats. Thank you, and over to you Adon.
Adon Blackwood: Super. Thank you very much John. So, good morning everyone. Thanks for joining us. As John mentioned, my name is Adon Blackwood. I’m one of the Security Engineers here at Mimecast. I’ve been with Mimecast just under two years now, and a lot of my role is focussed on speaking to businesses about their attack surface when it comes to cyber security. And that’s exactly what we’re going to focus on today with a particular focus on how that’s affected businesses whilst they’re working from home during the pandemic.
Just a bit of housekeeping. If you can’t see my screen or you’re having difficulties with audio or hearing me, please use the chat window and let us know. We will have a short Q&A session towards the end of the webinar, but I would encourage that if you have any questions and anything comes to mind as I’m speaking this morning, use the chat window, pop those questions in there and John and I can cover those off towards the end of the session.
So, without further ado we’ll jump straight into it. Today we’re going to cover off mainly the challenges, what organisations have been facing during the pandemic. Then we’ll delve into what we call 100 days of coronavirus, which is actually a report that Mimecast produced cataloguing the first 100 days of what we were seeing in terms of email and web-based threats.
So, just some of the findings that we’ve seen from that in terms of stats. And then from that we don’t want it to be doom and gloom, we certainly want to give you some tips and tricks on how you can level up your security across the business, particularly for employees working from home, and some other recommendations that fall out of scope of technical controls. Then, as I mentioned, there will be questions at the end.
So, let’s start with the challenges, and I’m sure we’ve all experienced at least one or a couple of things that we see on the screen here. The core one that I want to focus on is public anxiety. I mean, 2020 has been a very unsettling year for most people really when it comes down to government guidelines, working and, of course, people that may have caught COVID-19 themselves and have been taken off work. So, it’s really impacted staffing issues. Furlough schemes. There’s been a lot going on, and when it comes down to resources of your employees it’s been very difficult to manage.
The other side of that is of course increased remote working. A lot of offices have been closed, and some organisations have had to adapt quite quickly and push to a strategy that’s cloud based, allowing their employees to work from home. Some of us were ready for that and had cloud-based solutions and systems in place. Others not so much. So, there was a lot of, I guess, running around chasing our tails to try and figure this stuff out. The other side of that leads onto poor remote working conditions. Some of us have kids and pets, or we have poor bandwidth, terrible internet connections. So, it’s very, very difficult for us to make sure that we’re working effectively.
The other side of that, of course, is the unsecured workstations. One thing we need to bear in mind is that we do have employees working from their own machine sometimes. So, it’s very difficult to make sure you’ve got the right security in place for people using their own devices. It could be a mobile device, their smartphones. People may be using their iPads, a PC, a Mac, and when it falls out of the scope of a device that you’ve provided for your employees, it’s very difficult in terms of the jurisdictions of what types of software and protection you can deploy on those devices.
The other part of that is complicated environments. So, as I mentioned some of us were ready for a remote working strategy, some of us not so much, and depending on how you work as a business and what your processes are there could be a lot of moving parts, areas of file shares, access to certain systems and websites, needing VPNs to connect to certain resources. It can get very, very complicated when people aren’t in the office. The other part of that, and a core focus that we certainly want to adhere to, is the service dependency, and what I mean by this is simply relying on perhaps email day to day.
The core questions are, what would happen if your business’s email suddenly went offline whilst you had everyone working from home? Do you have a failover system for that? Or perhaps there’s a file share area that is taken offline, or files have been corrupted. What we really want to think about here is backups should something go wrong. Ultimately, what we want to try and do is avoid a single point of failure, and we’ll talk about that in a bit more detail as we go through the session.
The other part of that, of course, is that we’ve seen increased email and web-based threats because of COVID-19, due to the actual pandemic itself. Threat actors know, they’re very aware, of current affairs and they’re piggybacking off that and using that to exploit end users. Really jumping off the back of the public anxiety, knowing that the population are very unsettled at the moment, and using very emotive scripted emails and web-based threats to try and exploit users.
And the final piece that I want to cover off in terms of the challenges that we’ve seen is a piece of malware called EMOTET. I’m not sure if everyone is familiar with EMOTET, but it’s a very sophisticated piece of malware that had its origins in the financial sector, but this malware in particular is very sophisticated because it knows how to adapt and change and evolve. It could start with a phishing attack and will sit on your machines, hiding in system memory, being very evasive, and then waiting for the right moment to reveal itself and cause some damage.
So, there’s a lot of moving parts, as you can see here, a lot of challenges. And from that Mimecast, of course, have been cataloguing what’s been going on with that. I mean, we’re one of the largest email security gateway providers across the world, so we’re seeing a lot of intel that’s coming through our actual services, our products and services and what our customers are seeing. And along with that we saw a 54% increase in malware between 30th March and 5th April, and that was really when the nature of the pandemic was at its peak.
There was global news about this, and we were seeing a 50% rise in malware alone. So, what that indicates to us is that threat actors knew what the current affairs were and didn’t hesitate to jump on that and use that as an opportunity to target more people. And that’s really the core focus here: current affairs. Yes, threat actors do send spam and malware or create credential harvesting websites, but they are also very tactical, very sophisticated in the way that they research and when they choose to send these attacks.
So, they’ll spend a lot of time researching what’s going on in the world, and here is a good example of the types of emails that we’re seeing, that we’re cataloguing in the 100 days of coronavirus report. People pretending to be the WHO, masking themselves and impersonating known institutions and organisations, banking on that kind of public trust, tying that in with the fact that people want information, they want confirmation of what’s going on, and a good source of that information would be the WHO.
So, if an email like this lands in your inbox when you’re feeling a bit unsettled about what’s going on with COVID-19 or a vaccine or what the current public guidelines are, and this email lands in your inbox, there’s a higher likelihood that you’ll interact with this communication and click on the link. So, that’s the type of stuff we’re dealing with. The other thing we need to bear in mind is that there were already existing multiple attack points before the pandemic.
So, on screen here you can see a number of different avenues that attackers were already using before COVID-19 popped up. Your textbook viruses, your malware such as EMOTET, sending spam, unsolicited emails to your mail server, and of course malicious links in phishing emails themselves, you click on a link and it installs malware or takes you to a credential harvesting site, and then a final one which is most prevalent is impersonation attacks. Some of us on the call today may know this as business email compromise, BEC or whaling attacks, specific phishing attacks that are more targeted and dedicated to a particular individual.
As you can see here we’ve got five different attack surfaces that existed before COVID. Combine that with current affairs and combine that with perhaps a lack of user awareness, you can see that the attack surface for your business can be quite large. So, here we’ve just got a couple of stats on what we’ve seen, really the methods that threat actors are using when they’re trying to exploit organisations, the core one being spam. As you can see really a spray and pray tactic, attackers creating mail servers and sending emails in bulk to organisations. It’s not very targeted, but really seeing who interacts with those messages.
And then the other part of that, which is quite devious, quite insidious, is the impersonation attacks. Doing a bit of research and finding out who your directors are, your MDs are, the managers across your business. Very, very easy to do, I must say. You simply need to go ahead and jump onto LinkedIn and create an account and search for all of the employees for a certain organisation, and understand who they’re connected to, what their job titles are and how long they’ve worked at a business. And this information is easily accessible, unless you’ve got a private LinkedIn account, and then from that you can go away and create your email as a threat actor and then target a business.
And if we continue that, some of the stats, you can see that there’s been an increase for all of these attack vectors. Spam’s increased. There’s more spam being sent to mail servers. We’re seeing a 30% increase in impersonation attacks. Malware detections have increased by 35.16%, and this was at the end of March. And the kind of last stat here that I do want to focus on and explain in a bit more detail, the blocking of URLs within Mimecast within our own services, mainly our own URL protection module, has increased by almost 56%. And what that means here is that Mimecast is seeing more malicious emails and choosing to block more malicious emails, and that’s quite a significant increase. So, as a result Mimecast have responded to what’s happening in the world by blocking more malicious links.
So, if we move away from some of the cyber security aspects for just a second, there are some other key considerations that we certainly need to focus on when we’re talking about a remote working strategy and some of these here are operational dependency. And I spoke about this at the start of the webinar. Having service dependency on a particular cloud solution. The main one that comes to mind, of course, is email. So, the questions that we certainly have to ask ourselves are, can we continue to function as a business with the level of productivity when email goes offline? What happens when your email is switched off? Do your end users have a plan B?
And Mimecast certainly has a solution that can help with that, allowing you to get back online and send and receive emails instantaneously before too much damage is done. And this can be done automatically in a way that will detect if there’s any downtime and then switch this on, on your behalf, and send you alerts, or you can provide this feature to your end users and allow them to activate it when they realise that maybe Exchange or Microsoft 365 hasn’t delivered any new emails whilst you’ve been away at lunch. Some of the other things we want to consider are easy access to data.
So, if we are working from home, we certainly don’t want systems and controls that are too complicated to get your end users to work through. Of course, we want protection, and we want security there, but we don’t want it to be cumbersome. So, we certainly want to talk about having access to data that’s centralised. The IT teams across your organisation know exactly what’s going on and where that data is and who’s accessing it, but making it easily accessible for everyone.
And that leads us into securing data, things like secure passwords, making sure your end users are using the correct passwords which have the right strength, characters, etc. Perhaps using a password manager to manage those credentials, and a core thing here that we certainly want to speak about is multifactor authentication, requiring an access code combined with a password so there’s two bits of information that a threat actor would need if they were trying to compromise your account. And multifactor authentication is something that’s supported by most major cloud providers. So, if that’s not something you’re using we certainly recommend that.
And then a final piece, of course, is maybe there’s a need to migrate your data, and in particular what we want to focus on here is email. If you have an on-premise server, particularly with COVID-19 you may be thinking about migrating to something like Microsoft 365 and transitioning into the cloud, so you don’t have to worry about patching servers and maintaining servers and doing updates yourself. You can pass that onto a cloud provider and allow them to do that, which would mean you would need to migrate your existing legacy data from one system into the cloud, and the kind of complications and time that’s associated with that. And all of these things here we’ll talk about in just a moment, and how Mimecast and Totality Services can certainly help you with that.
So, if we summarise quickly, there’s a lot of moving parts. There’s a lot to think about at the moment. When we’re talking about cyber security in general, what we want to do is minimise your attack surface and have multiple layers of defence, making sure there’s not a single point of entry or failure for threat actors. Things like this are social engineering. This could be a phone call from a threat actor. Do you feel like your employees are savvy enough to understand when an attacker is calling them masquerading as someone they may know? It could be an employee they’re pretending to be, or someone in their supply chain.
The other side of that is fake news. There’s lots of information floating around the internet that isn’t legitimate and sources need to be validated. A lot of that is actually sent via spam, and that’s why we’ve seen an increase in spam as threat actors riding off the back of COVID-19 are providing fake information. The other side of that is fake websites masquerading and copying legitimate websites in an effort to steal credentials or payment information. You’ve got your impersonation attacks that already existed, but when threat actors combine that with legitimate sources, people that you would generally turn to who we trust, such as the WHO, it gets very, very complicated.
There’s also a sense of urgency. People are working from home, staffing is stretched, lots of people are working more hours than they normally would, which means you may have decision fatigue. Responding to emails and phone calls, you might be less aware when one of these emails lands in your inbox and it looks suspicious, you might overlook it. You might ignore the red flags. You’ve also got the fear, the public fear and anxiety that’s floating around. Generally people do feel unsettled. Combining that with phishing emails and, of course, when COVID-19 updates progress and there’s more news out, that’s also a new opportunity for threat actors to craft a new phishing email or campaign. And all of this stems from the fact that we are living through a pandemic now.
So, the core question is, what do we do? How do we face some of these challenges and some of the key considerations we need to bear in mind? Well, frankly, it can be very, very easy and all you simply need to do is simplify into two core areas. First one being your technical controls. So, having the right security in place and having the right backup strategies and business continuity strategies in place.
And then the second piece is the awareness training. So, focussing on the human element of your security, educating your end users so they’re aware of all of the subjects I’ve spoken about this morning so they’re ahead of the curve, they can anticipate what’s going to happen before it does. So, when an email lands in their inbox and it looks suspicious, referring to COVID-19 or having a sense of urgency, they’ll double think that and either report it or not interact with the email itself.
So, let’s start with the technical controls. Some of you on the call may be familiar with Mimecast’s S1 Advanced Email Security Suite. This is a very robust and sophisticated solution when we’re talking about emails. So, as you can see on screen here we’ve got multiple layers that sit within the Mimecast email S1 stack, the first one being a standard AV and AS engine, and as I mentioned earlier this was an attack surface before COVID-19. So, we’ll scan your emails and lookout for malware and spam. Things like spam will simply be rejected at the gateway before we pass them onto your mail server, meaning that there’s more room for legitimate emails to come through and not clog up quarantine with junk that frankly you don’t need to see.
The other part of that is something called DMARC, and this is a kind of email authentication control validating that the emails haven’t lost integrity in transit. And what I mean by that is that they haven’t been intercepted, and also checking that the email isn’t a spoof, someone pretending to be someone they’re not, leveraging another domain. And then we move onto more the advanced stuff. So, URL Protect is designed for phishing emails, looking out for malicious links that could be dangerous. All of those links are scanned on entry by Mimecast, but scanned again every time an end user clicks on the link. So, we’re making sure that we’ve got an up to date scan on that link to see if anything has changed in a certain time period from when it landed in an inbox.
But combined with that you’ll also find that there’s employee user awareness training that will pop up and simply slow them down as a simple wall to say, “Do you think this link is safe or harmful?” to get them thinking a bit more. And if that link is in fact dangerous, but they think it’s not, we’ll simply just block access to the site. Then there’s Attachment Protect and that’s designed to look out for things like EMOTET, malware that’s very sophisticated and can hide and not reveal itself until a certain time period has passed. Mimecast has a sandbox and a way of sanitising inbound files to make sure they’re nice and clean so your end users can interact with them.
Impersonation Protect is designed to look out for business email compromise attacks. So, looking for first and last names that may match your employees but have come from a third party. Looking for certain words and phrases such as, ‘wire transfer,’ ‘urgent,’ ‘pay now.’ You can even configure this in a way to look for COVID-19 related words, things relating to the pandemic. So, you can filter out the noise from the legitimate traffic.
And then you’ve also got some additional tools in there such as stationery, signature, branding and disclaimers, just to make sure you’ve got a centralised way of managing your corporate brand, having corporate governance. Making sure your employees are sending emails that look the same and have the right branding and logos and colour scheme and trademarks when they’re being sent on outbound emails.
And then a final piece, which we haven’t really touched on today, is Data Leak Prevention Tools. Of course, GDPR has had a significant impact on the way organisations work and having the right technical controls in there. So, the Data Leak Prevention Tool will be great if there’s anything in particular that you deem sensitive. You could be classifying documents as sensitive or internal or confidential. You can look for those tags and if Mimecast sees those tags on an outbound email or an attachment, we can place that on hold and stop damage being done. So, that’s the S1 Security Suite.
What we call M3RA is more of a robust holistic approach to security, but not just focussing on security, it’s also a recovery solution for you. So, we spoke about operational dependency and a need for a backup of your data so it’s accessible. M3RA is the S1 security stack, so everything I just showed you on the previous slide, but extending that scan of cyber security to your internal traffic. So, if we’ve seen anything malicious floating around your organisation that you may not be aware of, Mimecast can automatically remove that from users’ mailboxes to stop someone perhaps sending their outbound to a third-party contact, someone within your supply chain, or sending it amongst themselves. And that can be set up in an automatic way where you can remediate that threat.
In the middle piece we’ve got Email Continuity, and that’s designed as a failover system for your email. So, should Microsoft 365 or Exchange randomly go offline or there’s some service disruption, Mimecast can be configured in a way to proactively scan and be aware of that and notify you. So, you can trigger continuity mode and get back online in a number of seconds, not even minutes; in a couple of seconds your organisation is back online, sending and receiving emails and still having the right controls in place, scanning of URLs, data leak prevention tools and attachment scanning.
And then a final piece, of course, we spoke about easy access to data, but making sure that it’s encrypted and protected, and this is where the Archive and Sync and Recover comes into play, allowing you to migrate your legacy email data into the cloud. So, it’s accessible for all of your end users, and admins will be able to access all of the emails sent and received across the business in one place. And then you’ve also got some tools around E-Discovery for GDPR. It might be an HR investigation, it could be a subject access request or the right to be forgotten.
All of those tools are dedicated in a specific area for you as a business so you can access those with 99 years of retention. So, keeping your emails for 99 years, unless you choose to shorten that retention period. The other part of that, really leaning on the back of easy access to data, the archiving in Mimecast will also back up your folder structure. So, for your end users when they’re navigating the archive they’re not just searching a pool of emails that are uncategorised, they’ll be searching in a backup solution, an area that will replicate exactly what their mailbox looks like with their folders and their subfolders and exactly how they’ve structured their mailbox themselves.
So, the final bit that I kind of want to wrap up on is the Legacy Data Ingestion. So, we spoke about perhaps having a need to migrate your existing on-premise email data to the cloud and having that in one area, so your end users can access it and admins can access it. And we have a solution and a dedicated team that can help with that. So, depending on how much data you’ve got, it could be 10 years’ old, 15 years’ old, it could be 2 or 3 or 4 terabytes in size, regardless of how old or how large it is, we’ve got a dedicated solution that will plug in to your existing mail server and your archive and automatically transport all of that email data into the Mimecast data centres and clouds so your end users can access them anywhere, access them in Outlook directly on their PCs at home, maybe mobile devices or a web based application.
So, the core thing to focus on here is, you want your end users to be able to access their data regardless of where they are, especially given the fact that most of us are remote working at the moment. So, that covers off the technical aspect of our response to COVID-19 and working from home. Now we want to focus on the human element, and to do this we want to focus on awareness training. It’s very difficult to say to your end users, “Don’t click on a dangerous link,” if they don’t know what a dangerous link looks like. It’s very difficult to say, “Don’t provide sensitive information over telephones,” if you don’t know – if your end users aren’t educated on what a suspicious conversation looks like.
So, there’s a way we can go about that, and that’s the Mimecast Awareness Training platform. This is designed to give your end users educational content, talking about the attack surface of cyber security, but not just cyber security, security as a whole. So, it’s very difficult to train your end users on things like encrypted communications and data, or using secure passwords. Perhaps you want to educate your end users about not having confidential conversations about the business in a public place, especially relating to the pandemic. Those things are very difficult to do via emails and computer-based training.
So, what we’ve decided to do is create video content that’s two to three minutes long, that places everyday office workers, employees, in security related scenarios, and that’s designed to be very comedic in its delivery and its approach. It’s quite quirky and unusual, and that’s intentional by design because that increases the engagement, it makes employees want to watch the videos because there are characters, and you’ll find that these characters kind of give off emotional development and attachment. Your end users want to see what’s going on. But at the end of the video there’s a simple question that pops up and says, ‘What would you have done if you were placed in this scenario?’ with four possible answers. They simply need to select one answer.
All of the answers that they can respond to are correct, but they range from best practice to worst case scenario. The moment they do that they can see how they interacted with this question in comparison to the rest of their colleagues. The other part of that is the Information Intuitive Management and Training console. So, you don’t have to be the most technically minded person to schedule this training. It’s very simple. It’s very similar to how you would send out a marketing campaign. You’d create your content, you choose a time schedule and the recipients, and then you fire it off, and it works in the exact same way. So, you don’t need to be the most technically savvy person to train your employees.
The other side of that, of course, is phishing simulation. So, the ability to expose your end users to threats in a safe environment, sending them templates and examples of what we’re seeing in the world, especially when it comes to COVID-19, and essentially allowing them to make that mistake in a safe environment and educating them on what to look out for. The moment they take on that phishing link thinking it’s actually a shipping notification, they’ll be taken to a landing page that says, ‘This was a simulated exercise. Here are the things you could have looked out for. On this occasion you were kept safe, but if this were a real-world attack there could have been damage done.’
And what we often find here when it comes to awareness training is there’s kind of two approaches. There’s the theoretical approach where you provide them information, and then there’s the practical, and we actually find that when users make the mistake of clicking on a phishing link, that’s where their behaviour changes. What we want to do here is focus on your end users and your employees being another layer of security. Instead of treating your end users as the weakest link, treat them as another layer of security.
Allow them to educate themselves and when something suspicious pops up, instead of interacting with it and behaving in an undesirable way they can flag it up, report it to IT and IT can go ahead and block that message. And it’s really the difference between someone clicking on the link and causing a breach, or someone stopping and saying, “That looks unusual. I think I’m going to report this to someone before I interact with it and cause some damage.” The final piece, of course, is Risk Scoring. We need metrics to understand where our risk areas are, where our departments are, or employees are that need some extra help. What type of video content do we need to expose them to? If they click on a phishing link perhaps we need to show them a video that’s dedicated to what phishing is and how to interact with a phishing email when one arrives in their inbox.
So, just to recap there. There’s two pieces to this. There’s the technical aspect, having the right technical protection protecting your network, and then the other side of that is having a plan B for any services that you are dependent on. And then a final bit is making sure you’re exposing your users to what threats are out there so they’re aware and not completely blind when these messages or these phone calls arrive. So, we’ll go onto some recommendations to kind of summarise, and these are quite broad and very easy recommendations that both Mimecast and Totality Services can help with.
The first one is block unsecured devices that are on your network. So, if you’re finding that your end users are accessing sensitive files or file locations or email, have you approved that? Are you aware that they’re using their own device? And if not, you need to limit the access to sensitive data for your organisation, especially if it’s remote working.
Second piece is blocking risky attachments. It makes so much sense to block things like macros. Macros can be very harmful and damaging, and if you do need macros to do your day to day job, it makes sense to put those through a sandbox or sanitise those attachments to make sure they’re clean.
The third piece is require strong authentication, and this can mean a number of things. Mainly, it means passwords. Making sure that your end users have the right password hygiene, the right password etiquette, not reusing passwords, not keeping a password for a long period of time, making sure that they’ve got two factor authentication to access these certain areas of sensitive information, data or emails.
Number four is patch consistently, and what we mean by this is updating your systems and your software. When we’re talking about laptops and PCs, make sure they’re running the latest operating system. What people fail to remember is that operating system updates contain security updates. They’re not just new features or a new user interface, they’re patches for vulnerabilities that the industry have found. So, when a new update is out, roll that out and make sure that you’re well up to date to stop any breaches coming through, especially when we’re talking about EMOTET, because EMOTET is a piece of malware that evolves quickly, which means that we need to patch quickly to get rid of that vulnerability.
Number five is backup your data. If you have sensitive and important information and you’ve got one single copy, that’s essentially a large risk area for you. The core question you need to ask yourselves is what would happen if that data was lost and the impact it would have on the business. Of course, if it’s a significant one, you certainly want to make sure you have a plan B and even a plan C in place.
Number six is implement failover systems, which leads into operational dependency, in particular for email. Should your email go offline, how quickly can you get back online before it becomes detrimental to your business?
Number seven, awareness training. Educate your end users. Don’t forget about them. Don’t simply rely on technical controls. Technical controls are mandatory, and they are great, but it makes more sense to educate your end users and have them fill the gaps of where some of the technical controls don’t come into play.
And then the final one is, actually help your employees secure their home networks. As I mentioned, there are a large number of people across the UK that are working from home at the moment, and they may be using their own devices. If you have a bring your own device policy at the organisation, of course, that's great. It means there's less of a cost associated with the devices, laptops, PCs, iPads that you're providing, but you want to make sure they're protected. And it's not just for the business's protection; it's good to educate your end users on what cyber security threats look like for their own personal lives as well, because it makes it more relatable and more tangible.
Sometimes we find that employees simply rely on a company’s technical controls and they don’t worry about it, they’re quite reckless because they believe that IT is there to make sure that they’re safe. So, they can click on anything and they’re not worried about it, which isn’t necessarily true. They should have the same mindset wherever they are. If you’re on the internet or you’re using email, you need to be aware of the threats that are out there.
So, educate them on what phishing is, and it doesn't just mean they'll receive phishing emails on their company email address, they might get something to their personal Gmail that might be a PayPal link or a credential harvesting attack. Make it relatable and let them know that the same threats that apply in the office apply when they're working from home as well, and it makes it much more tangible and cohesive in their mindset and their awareness when it comes down to it.
So, final thoughts. One thing that we want to bear in mind is, yes, 2020 has been quite a challenging year for most of us. It’s been very difficult. There’s a lot of things to think about. But it’s not all doom and gloom, and I think the positive thing that’s come out of the pandemic is the fact that most of us now as organisations need to think about our cloud strategy and the protection that comes associated with that. The kind of new behavioural patterns that we have and the new way that we’re protecting our organisations and the level of awareness we have is great. There’s certainly an increase in the need for that, but that should be something that’s futureproof.
It’s not just for COVID-19. These should be things you’re deploying across your business in general so it allows you to uncover any risk areas that you may have, shrink that attack surface that you have, empower your end users and educate them, and then in the long run you’ve got more of a robust stance on your security and business continuity plans.
So, mindful that I’ve spoken a lot at you, and we’ve covered off a lot of information, I wanted to use the final minutes of this session to cover off any questions that you may have. So, if there’s anything that comes to mind, as I was speaking or any particular scenarios you may have across your business and you’re curious, we can certainly use the last 20 minutes to cover off those questions. So, please feel free to use the chat window. OK.
So, we’ve got one question about the cost of the awareness training courses and also the package information. Really good question. I would certainly recommend reaching out to Totality Services to get more information on any of the packages or some of the topics that we spoke about today.
We’ve got another question on how can we access the awareness training for the team? A really good question. Again, reach out to Totality Services. It is completely a cloud-based solution. So, it really just depends on having a licence for the solution for each of your users, and then setting up access, and then you’re good to train your users with phishing simulations or video content.
Excellent question around how do we go about securing employees' home networks? Really good question. There's a number of different things you could do. I would certainly recommend leaning on John and his team at Totality, but some of the quick recommendations that we can give here are things like educating them on passwords, and system updates as well. So, we're not just talking about their wi-fi. Their wi-fi is one area and we want to make sure their wi-fi has the right password protection on it, and you may need to support them with that.
But the other side, of course, is the devices they have on that wi-fi. Perhaps recommend using a VPN, perhaps recommend using secure passwords for the websites they’re using, and also the use of password managers. If people are using the same passwords for everything it can be quite risky. The one rule of thumb that I typically have when it comes to cyber security is, if you’re using the same passwords at least use multifactor authentication. So, you need an access code as well as a password to log in.
And the one password that I believe should be different from the rest, because that’s the priority, is the password to your work email and your personal email. The reason I say that is, if an attacker can compromise any of those accounts they can simply do password resets on all of the cloud-based accounts associated with that email address and then login to other systems and third-party solutions. So, you want to make sure that their email passwords are the ones that are the most robust with MFA to begin with, and then you can start working on other areas.
Super. So, I think that wraps it up in terms of questions. I certainly want to thank you all for your time and joining us today on the webinar. It was excellent. I’m just going to pass back to John to finalise, and then we can wrap things up.
John Saville: Adon, thank you very much for delivering that webinar. It’s really useful. If anyone has any further questions, please reach out to us at Totality. That’s myself, Joe or Charlie. We’re all here to answer any questions that you may have. Once the webinar is finished we’ll be hosting this on our website and we’ll send out a copy to all of you that have attended today, and thank you very much for doing that. If you’ve got any further questions, please reach out to any of us and we’ll be happy to help. Thanks again Adon for a very informative webinar.
Adon Blackwood: Super. Absolute pleasure. Thank you everyone. Take care.