The Ping: Training to Increase Cybersecurity Awareness

June 21, 2019 Corie Bogan Leave a comment compliance, hipaa, malware, network, PCI DSS, planning, safety, Security, The Ping, update, virus, vulnerability

Last week in The Ping: State of Cybersecurity, we spoke about the rise of cybercrime. Cyber criminals are continuing to find ways to access both personal and organizational networks. The good news is that there are a few things you can do to help prevent this from happening to you and your company.

What is Cybersecurity Training?

You might be wondering, “what is the first step to improving my cybersecurity?” Training. Although keeping your system’s security and patching up-to-date and functioning properly is a necessary step, the best way to help prevent your company from becoming a victim of a cybersecurity attack is to train your employees. Teaching your employees what to look for when receiving suspicious emails or even emails that don’t appear as suspicious to begin with helps prepare them for when the inevitably do receive that type of email. Most training can also be customized to individual companies depending on their wants and needs. Are you required to be compliant in CJIS or HIPAA? Your training can be customized to match these and many other compliance needs.

What does Training look like?

Most basic training is going to be online courses that each employee will take. It will also include quizzes to test these newly learned traits. Most courses include what you should and shouldn’t click on in emails or on untrusted websites. Also, what to look for when you do receive a fishy email. The more advanced versions will send spoof emails to see if your employees are retaining what they’ve learned. Employees who click on the links in the test emails are recorded and often made to either retake their training or receive advanced courses. It also gives you the knowledge and insight into who some of your biggest offenders may be, so that the behaviors can be corrected.

Spear Phishing

One of the most effective types of attacks is called spear fishing. “Spear phishing is email targeted at a specific individual or department within an organization that appears to be from a trusted source. It’s actually cybercriminals attempting to steal confidential information,” – KnowBe4.

Spear phishing can have dire monetary consequences. In August 2015, a spear phishing attack landed at Ubiquiti’s doorstep. Hackers stole nearly $47 million by spoofing communications both from within the company and posing as an outside source. “The incident involved employee impersonation and fraudulent requests from an outside entity targeting the company’s finance department,” according to KrebsonSecurity.

These attacks can happen to both large organizations like Ubiquiti Networks or the Democratic National Committee, or small institutions, as in the case of The University of Michigan Ford School of Public Policy. This past week, “students, faculty and staff received an email last Tuesday from phishers masquerading as staff members inquiring about their recipients’ schedule availability.” – The Michigan Daily. If just one person in an organization falls victim to one of these emails, the effect can be companywide. If one users email becomes compromised, a cybercriminal can send an email to everyone in their contact list. This can drastically increase the likelihood that the network becomes compromised.

By now you’re probably thinking that training seems like the best direction to keep your network safe, but who has time for that? We’ve got you covered! Since 2017 UniVista has included cybersecurity training in every Comprehensive support agreement we roll out to protect you and your business. The best part of all of this, is you don’t have to worry about it. Our team assigns classes (or campaigns) best suited for your industry. We also monitor who has and hasn’t completed their courses leaving you to worry less and focus more on your day to day company tasks. UniVista has not had a single successful ransomware attack involving any customers who have had the cybersecurity suite deployed. Training is an important first step and an entry point so that a proper Security Plan can be implemented. What is a Security Plan? Stay tuned next week to learn more!

Your UniVista Team
*Celebrating 20 Years of Customer Satisfaction*