Three Reasons Why Security Awareness Training is Even More Critical Now That You Have a Remote Workforce

In the history of IT and cyber threats, there has never been a more critical time for organizations to employ security awareness training than now. With employees working from home, the opportunity for cyberattacks to succeed is greatly increased. It may appear that, because you have the same security measures in place, you should be equally protected, but there’s one major factor that tips the scales in favor of the cybercriminal – your users working from home.

While the shift to have employees work remotely largely focuses on empowering employees to remain productive, despite being away from the office, organizations also need to shore up their security by taking a proactive stance in leveraging security awareness training for three reasons:

Cyberattacks focus on employees as targets – Phishing attacks remain the single most-used attack vector, giving the bad guys direct access to your organization’s endpoints, credentials, applications, and data. If a phishing email reaches one of your employees, it means your security solutions haven’t detected it as malicious, leaving the employee as your last line of defense.

Employees aren’t thinking about organizational security – Think about it: your average remote worker is sitting at a makeshift desk, trying to balance helping their kids with distance learning assignments and attending online meetings. They’re learning new digital workplace platforms, applications, and processes before they even shower for the day. Security is the last thing on an employee’s mind.

Attacks and scams are increasingly aligning with remote working – Cybercriminals conjure up scams that seem familiar to users. The use of shipping, billing, and banking stories, as well as the use of impersonated domains, businesses, and people, have all traditionally worked in favor of the bad guy. But new scams are being molded around the current work circumstances. For example, we’ve recently seen massive growth in Zoom-related attacks simply because of Zoom’s increase in popularity for business use. Organizations should expect this trend to continue.

Security awareness training does two things very well. First, it educates the user on the importance of their participation in the organization’s security. These recent times provide a great perspective about how quickly a job can disappear. So, teaching the user that their security efforts make a difference in keeping the organization’s proverbial doors open is an important part of security awareness training.

Second, security awareness training keeps users current with attack trends, scams, methods, and more, so they become vigilant in their thinking and keen in their ability to identify a suspicious-looking email, text, voice mail or phone call. Training users to err on the side of caution is a powerful asset in the war against cyberattacks.

In this alternate universe of work scenarios, organizations need to accept that they must not only work differently from the in-office ways used just a month ago, but also secure differently, by putting some of the responsibility onto users and utilizing them as a layer of the organization’s defensive strategy against cybercriminals.

Stu Sjouwerman
About the Author
Stu Sjouwerman (pronounced “shower-man”) is the founder and CEO of KnowBe4 Inc, a provider of the most popular Security Awareness Training and Simulated Phishing platform. A serial entrepreneur and data security expert with more than 30 years in the IT industry, Sjouwerman is the author of four books, with his latest being “Cyberheist: The Biggest Financial Threat Facing American Businesses.” Along with his CEO duties, Stu is Editor-in-Chief of Cyberheist News, an e-zine tailored to deliver IT security news, technical updates, and social engineering alerts. Stu is a four-time Inc 500 award winner and EY Entrepreneur of the Year finalist.