Cyber Risk Aware offers free COVID-19 phishing tests

Read time 2min 50sec

Cyber Risk Aware is offering free COVID-19 phishing tests to help organisations defend their network against a growing number of cyber threats using the coronavirus pandemic as a lure.

Operating out of London and Dublin, Cyber Risk Aware provides real-time cyber security awareness training.

“With the majority of the workforce now encouraged to work from home, the risk of businesses experiencing a cyber incident is significantly increased," the company says in a statement. "Therefore, it is imperative staff and businesses are prepared and protected from these very present cyber threats as best as possible.”

According to Cyber Risk Aware, organisations need to pull together for the greater good. 

“Keeping businesses operational and protecting workforces from escalating threats should be a global consideration and a united collaboration.”

Covid-19 phishing scams

There has been a massive spike in phishing e-mail scams featuring COVID-19 lures, spoof government tax refunds and numerous fear-mongering messages that encourage click-throughs, leading to the compromise of personal data, or even bringing whole IT system networks down.

“The recent Czech Hospital cyber attack saw an entire hospital shut down as a result of a compromised network with devastating damage at this critical time,” the company said.

The phishing test enables users to register and run a free Cyber Risk Aware test phishing campaign, using one of its new COVID-19 phishing lures. 

"Now more than ever, security teams need to run simulated phishing tests to raise awareness of what real attacks look like and educate staff what to do in the event they receive a suspicious e-mail."

In addition, Cyber Risk Aware offers several best practices all organisations should put in place to ensure their remote workforces are helping protect the business, its data and reputation.

It advises the use of secure company-provided systems, and ensure cloud-based systems are patched and employees don’t use personal accounts. “Be prepared and equip your staff. Provide encrypted up-to-date devices with patched applications, and VPNs to access your company’s internal systems.”

It also urges employers to put protocols and processes in place should an attack take place to minimise the impact, and to set up secure best practice communication channels. "Have clear lines of communication, and avoid social media and WhatsApp when revealing sensitive data.”

In terms of what companies should not be doing, Cyber Risk Aware advises to never take the easy route, or implement shadow IT or any unsanctioned software, as this is an increasing threat to cyber security. 

“Don’t connect to public WiFi, but rather use a company-provided VPN or mobile data if accessing sensitive data. Don’t allow the use of personal devices as they are often insecure and vulnerable to cyber attacks.”

The company says password protections and encryption are also key, on devices, files and data. 

“Finally, don’t forget to backup data centrally. Be it the concern of a system crash or the risk posed by a ransomware attack, ensure all backups are made daily to a central location and that restores are tested regularly by IT staff.”

See also