You may have recently heard or read about a new vulnerability in WhatsApp and how it is being exploited. Through this new attack, once exploited, the attacker gains absolute control and visibility of all data on the phone. Understandably so, many people in your workforce may have questions or concerns about how to avoid being a target and protect their data.
Below is a communication template you can use to send out to your workforce explaining the situation in simple terms and outline what they can do. Opportunities like these to help and inform your workforce are incredibly constructive, as WhatsApp is an app, used by millions of people to communicate with others in a personal and emotional way. As the security awareness professional, this is great chance to engage while reinforcing key behaviors you want people to consistently exhibit and follow, in this case keeping their mobile devices updated. Edit and customize as you see fit to best reach your unique corporate culture.
Team,
You’ve likely read in the news about a new, targeted attack on WhatsApp, a hugely popular mobile app owned by Facebook that is used by millions of users for communication. You probably have a few questions or concerns, so we wanted to clear up some information for you and help you take steps in protecting your devices.
Essentially, a specific Israeli organization called NSO Group located a vulnerability in the mobile app and discovered a way to hack the app by simply calling someone on their phone. This group then used this hacking technique to target only a few specific individuals. To the best of our knowledge, this attack is not being used to attack or target large groups of people.
Fortunately, Facebook released a fix so the attack can no longer work. To protect yourself, please ensure you are using the latest version of WhatsApp and double check that your mobile device is running the latest version of it’s operating system.
Not sure how to do that? The simplest way to do this is to locate the updates section on your mobile device and confirm everything is current. We also recommend enabling automatic updating on your mobile device, so it automatically updates both your phone and your apps whenever a new version is released.
Unfortunately, bad guys are constantly finding new vulnerabilities in the everyday systems we use, and vendors are continually releasing new patches and security features to fix them. Protecting computers and mobile devices via current updates and running the latest OS, programs, and mobile apps is one the most effective steps you can take to protect yourself. Still confused? Not a problem. We can help! Just reach out to our security team at xxxx@xxx.com and we’ll walk you through your security options.
Though
breaches and hacks are not ideal, this is a simple, but effective
opportunity to engage and help your workforce. You’re building trust
that will go a long way in the future. If you have questions about how
to better engage your workforce, learn more from your peers at the
upcoming Security Awareness Summit this August in San Diego, California.
