If you visited a social media site today, chances are very good that you know about David Bowie’s death. Although I personally got the news when my husband woke me at 6 a.m. to tell me, the first 50 or so updates in my Facebook provided a lot more detail. Beyond the line quotes from Bowie’s songs also appeared videos, pictures and other graphics.https://o1.qnsr.com/log/p.gif?;n=203;c=204663295;s=11915;x=7936;f=201904081034270;u=j;z=TIMESTAMP;a=20410779;e=iI expect later on this evening that my fellow sports fans will move from the Bowie news to conversations revolving around tonight’s national championship college football game, again with plenty of video replays and GIFs.
Now, it seems like these two events have nothing to do with each other, and on the surface, they don’t. But as the day goes on and the number of Web searches on both of these topics increases, I suspect both events will be used for malware scams. (In fact, I’m a little surprised I didn’t get any warnings about potential scams for the football game.)
It happens all of the time – a major news or sporting event occurs, and the bad guys jump in to create malicious downloads or set up fake sites based on the event. The NCAA basketball tournament is prime time for such scams, for example. Expect similar security concerns to pop up with Super Bowl 50, the Summer Olympics and the presidential elections. Normally, I wouldn’t include the death of a major rock star as a Big Event security risk, but with the sheer number of videos popping up on my Facebook feed and seeing that Bowie is a trending topic everywhere, I absolutely expect bad guys somewhere to take advantage of fans’ grief and the desire to find music and pay tribute.
This is a good time to remind employees about the risks involved with searching for more information, particularly videos and graphics, on these popular topics and events – not just on their work computers but in their personal use (especially if personal devices are used for BYOD). It’s also a good time to evaluate your cybersecurity training for your employees. As the Society for Human Resource Management reported, quoting Stu Sjouwerman, CEO of KnowBe4, maker of a security awareness training and simulated phishing platform:
Training employees on company security policy when onboarding or annual training is not enough. To be most effective, use anti-phishing tools to frequently test employees on a variety of types of subjects and times, then follow up with remedial training for anyone who fails.
Sue Marquette Poremba has been writing about network security since 2008. In addition to her coverage of security issues for IT Business Edge, her security articles have been published at various sites such as Forbes, Midsize Insider and Tom's Guide. You can reach Sue via Twitter: @sueporemba