Do hacker’s celebrate Valentine’s Day? Of course – they wouldn’t be the only one’s left out of celebrating a Hallmark holiday about love and devotion. After all, they are likely highly devoted to their cause…hacking.
All joking aside, employers and their employees should keep holiday trends, such as Valentine’s Day, in mind when considering cyber security at various times of the year.
BASELINE TRAINING
Regardless of the time of year, all employees should be trained to spot potential phishing attacks. Employers should considering using phishing simulation as a safe and product way to train staff too. Employees should also learn how to spot a ransomware attack, as these should be taken very seriously. With adequate training, preparation, careful planning, and vigilance, organizations can certainly increase their chances of surviving such an attack.
POPULAR WORDS AND PHRASES
Hackers may be more inclined to use popular words and phrases, based off a certain holiday, such as Valentine’s Day, or time of year in their attempted phishing or ransomware emails. It might be prudent to send a reminder email to employees to be on the lookout for phishing and ransomware emails, specifically ones that include the following “holiday” language: love, chocolate, devotion, roses, flowers, cupid, romance, candy, February, heart and more.
With certain holidays on the mind of employees, hackers will try to take advantage of that “top of mind” knowledge. Remind your employees of cyber security best practices, in addition to these keywords and phrases.
THE “TOO GOOD TO BE TRUE” SALE
If an email citing a sale for 80% off new Airpods or a Macbook for your “sweetie” sounds too good to be true…then it probably is. Employees probably shouldn’t be using company time or property to shop for their significant other, friends or themselves (be sure to check and/or update your BYOD policy), but employees, even in good conscience, may be prompted by an email to shop on company time. While employees shouldn’t be doing this in the first place, be sure to remind them how to spot these types of phishing emails. And, it’s always a good practice to re-train employees on a recurring basis – the beginning of the year is as good a time as any!
SENDER NAME, EMAIL DOMAIN…AND MORE
Hackers can be clever, so many phishing or ransomware emails may not include popular words and phrases or a “too good to be true” offer. Instead, employees should be trained to spot other “red flags,” such as an unknown sender, an error in an email address or domain, and more. If “Joe” from Sales rarely sends emails with sales or monetary requests, employees should “flag” that email and consider picking up the phone and calling Joe. Do not respond directly to the email; instead, take the conversation offline and check your sources.
Valentine’s Day should be about love…loving your friends, family, significant other and yourself – not about cyber security. Still, hackers don’t take a day off, even for such a positive holiday. Employers and their employees should keep holiday trends, such as Valentine’s Day, in mind when considering cyber security at various times of the year.