The mass migration to working from home last year had a huge impact on the world in various ways, as office buildings emptied out and newly remote employees adjusted to less time spent commuting and more time spent in sweatpants. Unfortunately, the transition to remote work arrangements also inspired a staggering amount of cybercrime as hackers sought to take advantage of new attack surfaces. The traditional security perimeter has disappeared, and businesses must now ensure that staff members accessing corporate apps and data from various locations use secure connections and devices.
If all or some of your staff members currently work from home (or any site other than the office), you must adjust your cybersecurity strategy to address the new vulnerabilities created by remote work infrastructure. That includes not only the solutions and services you deploy to protect your network but also your approach to security awareness training.
Why Remote Work Means More Risk
As many companies instructed their employees to do their jobs from home last year, they didn’t update their cybersecurity strategies to account for the new risks and vulnerabilities presented by remote work. A June 2020 survey of people in the U.S. who had recently transitioned to working from home found that more than half still hadn’t received new security policies concerning how to perform their professional duties securely, according to IBM Security’s Work From Home Study. Additionally, 53 percent reported using personal computers and laptops to work from home, and 61 percent said their employers hadn’t distributed tools to properly secure those devices.
In the same vein, a 2020 Malwarebytes survey of cybersecurity and IT leaders at businesses of various sizes found that 44 percent of organizations didn’t offer security training that addressed the risks associated with working from home, such as failing to set strong passwords and sharing devices with unauthorized users. Five percent of the survey respondents described their employees as oblivious to best practices, and 20 percent had experienced a data breach caused by a remote employee.
Failing to adequately train distributed teams and address the possible pitfalls of working from home in the realm of data security can be a costly mistake. The global average cost of a data breach was $3.86 million in 2020 – and remote work has an average impact of $137,000, according to IBM Security’s Cost of a Data Breach Report.
While implementing solutions like secure access service edge (SASE) can make a big difference, the most advanced tools in the world can’t save you if your team is uninformed. Ultimately, it’s better for not only your bottom line but also your reputation to proactively educate your end users on how to combat cybersecurity threats and minimize vulnerabilities while working in settings other than the office.
How to Adjust Your Security Awareness Training to Combat New Vulnerabilities
To keep your data breach risk level as low as possible while some or all of your staff members work from home, be sure to address these potential vulnerabilities and best practices in your training program.
- Best password practices: Provide guidelines for proper password management, such as how to come up with strong passwords, how often to change them, and why you should never share those passwords with unauthorized users.
- Device locking and sharing policies: Your team members should know not to leave any devices utilized for work unlocked and/or unattended at home to prevent unauthorized access, according to the Kaspersky Daily blog entry “Remote working safety and security.”
- Use of SASE to access corporate apps and resources: A SASE solution with a zero-trust framework only gives end users access to the specific resources they need to do their jobs based on a determination process and their device’s security checks. If you want to minimize your chances of experiencing a breach, implement SASE and instruct all your remote staff members to use it.
- Phishing tactics and how to recognize malicious emails: Phishing remains a popular strategy in the world of cybercriminals, and the fraudulent messages often serve as a transmission vector for ransomware. Make sure your team members know how to identify a suspicious email and avoid taking the bait.
- Multi-factor authentication (MFA): This cybersecurity solution adds an extra layer of protection against hacking by requiring additional information beyond a username and password to log in. However, it’s imperative to ensure consistent implementation by auditing and enforcing MFA usage across your organization.
If you need assistance ensuring every member of your staff knows how to keep corporate data safe while working remotely, our security analysts offer comprehensive employee security awareness training services. We can even test your team’s ability to spot scams with our spoof phishing software. For details, give us a call at 877-599-3999 or email email@example.com.