In the history of IT and cyber-threats, there has never been a more critical time for organisations to employ security awareness training than now. With employees working from home, the opportunity for cyber-attacks to succeed are greatly improved. It may appear that, because the same security measures are in place, organisations should be equally protected, but there is one major factor that tips the scales in the favour of the cyber-criminal – the users now working from home.
While the shift to have people work remotely largely focuses on empowering employees to remain productive, despite being away from the office, organisations also need to shore up their cyber security by taking a proactive stance in leveraging security awareness training for three reasons:
- WFH Employees aren’t thinking about organisational cyber security
Think about it; your average remote worker is sitting at a make-shift desk, trying to balance helping their kids with distance learning assignments and attending online meetings. They’re learning new digital workplace platforms, applications, and processes before they even shower for the day. Cyber security is probably the last thing on an employee’s mind.
- Cyber-attacks focus on employees as targets more than ever
Phishing attacks remain the single-most used attack vector to allow the bad guys direct access to an organisation’s devices, credentials, applications, and data. If a phishing email is presented to an employee, it means your organisation's cyber security solutions haven’t detected it as malicious, leaving the employee to be the last line of defence. - Attacks and scams are increasingly aligning with remote working
Cyber-criminals conjure up scams that seem familiar to users. The use of shipping, billing, and banking stories, as well as the use of impersonated domains, business, and people, all have traditionally worked in favour of the bad guy. But new scams are being moulded around the current work circumstances. For example, we’ve recently seen the massive growth in Zoom-related attacks simply because of Zoom’s increase in popularity for business use. Organisations should expect this to continue to trend.
Security Awareness Training does two things very well. First it educates the user on the importance of their participation in the organisation’s security. These recent times provide great perspective about how quickly a job can disappear. So, teaching the user that their security efforts make a difference in keeping the organisation’s proverbial doors open is an important part of security awareness training.
In this alternate universe of work scenarios, organisations need to embrace that they need to not just work differently from the in-office ways used just a month ago, but also need to secure differently by putting some of the responsibility onto the user and use them as the last line of defence in the organisation’s defensive strategy against cyber-criminals.
Contact Pensar to find out more about how we can help your staff be more aware.