
There is a myriad of different cybersecurity solutions from an even greater number of vendors. There are firewall vendors, endpoint protection solutions, email protection solutions, and cloud application security solutions. There are even security solutions that help protect against human error, as is the case with Microsoft Information Rights Management. All of that is important to help minimize the growing threats on the internet.

Ransomware is trendy these days. Bad actors gain access to your data, encrypt it, then demand a ransom to decrypt the data. They gain access in several different ways, but one of the most popular is through email. See this previous blog post for more on phishing. Ransomware is not their only option. Once they have your credentials for your email, there is no telling what they will do.

So, while the security solutions mentioned above are certainly a necessary part of your overall cybersecurity strategy, they should not be your most important.  That may sound crazy, but the most important part of a highly effective cybersecurity strategy is in fact end-user training.  That’s not a typo.  The most important part of a highly effective cybersecurity strategy is end-user training.  The other solutions are there to help prevent your users from falling victim to bad intentions.  But if they are trained to spot ill intent, they can be a huge part of a very secure, very productive cybersecurity strategy.

What are things they should know?  Well, detecting emails that could be phishing or otherwise malicious is a great start.  Keeping data in shared repositories that are part of the overall backup and disaster recovery is a good option.  Not visiting questionable websites that could contain malicious code is another way to prevent unauthorized access.  One of the biggest ones for mobile users is not using public WiFi or hotspots for internet access. 

In addition to all these things, employees should know that one of the most overlooked and important areas of cybersecurity awareness is social media. Even well-trained employees may overlook the fact that social media gives bad actors a platform.

New attacks spring up all the time, and one of the latest is the use of the CAPTCHA, a simple mechanism to distinguish a human from a machine. CAPTCHA mechanisms use everything from puzzles to codes. Individuals with ill intent have discovered they can trick people by combining social engineering with the familiar CAPTCHA method.

You may ask, how is this possible?

The attacker may find their intended target on social media and reach out to that individual through the same platform. The attacker then employs a human-interaction tactic such as “I want to connect with you but need to prove you’re a human,” asks the individual for their phone number, and tells them they will receive a code from XYZ service to prove they are human. What is really happening is that the attacker is using the individual’s phone number to sign up for a service, and the code received is an authentication code that allows the attacker to validate the connection.

This form of CAPTCHA attack is being used to hijack everything from Google Voice numbers to Facebook, WhatsApp, and other social media accounts.

It doesn’t take long to arm your employees with the knowledge they need to be safe and productive in a cyber world filled with danger. However, it should be part of your ongoing cybersecurity strategy, and it will quickly become your best cybersecurity.