If there is one thing we can count on, it is that cyber-criminals will always try to capitalize on any significant events happening in the world. Unfortunately, the COVID-19 outbreak is no exception to the rule. We are already seeing a huge number of scams and social engineering attacks – from email-based phishing to phone calls, text messages and social media – that are taking advantage of the massive changes in everyone’s daily lives, and the confusion and anxiety being felt throughout society worldwide.
The current situation is just about the perfect environment for the bad guys to trick people working from home for the first time or school students – many as young as four or five – who are now using eLearning for the first time. None of us have all the security technology protecting us at home that we normally would at work or even at school.
Remote work is not a new concept, and we are lucky at this time that the technologies exist to enable such comprehensive communication remotely. However, for many businesses, managing an entirely remote workforce is completely new, which means they may lack the processes, policies and technologies that enable employees to work from home safely and securely.
For this reason, SANS has made available a wide range of free resources both to help organizations and individuals to stay safe during these very difficult times and to enable ongoing cybersecurity learning at a time when cybersecurity professionals may find themselves working from home and in a more restricted way
For home working, the key thing is making sure that employees working from home understand the key risks and behaviors to protect themselves. Some basic security training about working from home can go a long way to help protect employees and their organizations.
To help companies address this, SANS has released a free “Securely Working from Home” Deployment Kit which provides security awareness professionals with a step-by-step guide on how to rapidly deploy a training program for their remote staff. All the training materials and resources necessary to secure a remote, multi-lingual workforce are included in the kit.
SANS director of security awareness Lance Spitzner said: “The training materials are a combination of both our public resources and paid training materials. This comprehensive kit includes videos, infographics, podcasts, newsletters and digital signage in multiple languages all bundled in a single package that we are providing as a free resource to all who need it. We understand that this is a unique situation and we want to do everything we can to help the community secure their workforce during these uncertain times.”
Part of this kit is a simple homeworking factsheet to which IT teams can point their employees. The key advice is: be suspicious of any emails trying to create a sense of urgency to click on a link or send information; take steps to protect your home Wi-Fi (change default passwords and restrict access); create strong passwords on any websites you use; make sure any device is running the latest software; and don’t let family and friends use work devices.
Weak passwords continue to be one of the primary causes of breaches on a global scale. Anyone working from home should be reminded about the need for strong passwords such as passphrases, as well as the use of password managers and multi-factor authentication. It’s also important to ensure that remote workers are using technology running the latest version of the operating system and applications. SANS has made more info available on this in a video here.
SANS has also put together a free “Secure Your Kids Online” resource kit to help parents and guardians protect their kids online. Coronavirus has resulted in schools across the globe moving to an eLearning format at home so the SANS multi-lingual kit includes a step-by-step guide to help parents educate their children on online dangers such as cyber-bullying, predators and inappropriate content. A short video summarizing how to best secure kids online is also included.
For the information security professionals, SANS is providing a series of free online cybersecurity activities open to all members of the information security community to support them through the coming weeks and months.
These activities include an entirely free series of SANS@Mic evening talks, delivered by SANS’ expert instructors, and a series of Mini Netwars (capture the flag) events to provide continuing learning and hands-on training for everyone in the community.
SANS fellow, Ed Skoudis, explained: “SANS has always provided free resources to help the information security community. During these unprecedented times where, social distancing is the required norm and cyber attackers are increasing their activities, it is more important than ever to find ways of engaging and supporting our community. As a result, we have put together what we hope will be a really fun series of expert talks and Mini Netwars events that will run over the coming weeks and months. We are thankful for this community and are glad to be able to give something back.”
The SANS@Mic talks will run every Monday and Wednesday, twice a day for different time zones until at least June 2020. Currently scheduled SANS@Mic talks can be found on the upcoming webcasts page.
The Mini Netwars events will last up to three hours and will run every other week for the entire community. Mini Netwars Mission 1 and 2 have just run but you can still catch Mission 3 on May 14-15 and 4 will follow. All these events will run until 31 May and will be open to the public, not just SANS students. Additional information on the Mini Netwars can be found here.