COVID-19 has brought on new and unique cybersecurity challenges to business owners and IT teams, largely because this is the first time many Canadian organizations have to learn how to manage remote workers, as well as rapidly scale up their remote working capabilities.
Practically overnight, businesses have been flipped on their heads. Whether you’re a student, a small business owner, or an employee at a large organization, you’ve likely been presented with new tools, processes and ways of working that you’ve never considered before.
These problems are compounded by the fact that cyber criminals are using COVID-19 as a golden opportunity to attack businesses employees and household. When you take the fear and anxiety of a public health crisis, then add in the flood of information pouring into inboxes every day, it creates a perfect cocktail of conditions for email- and web-based fraud to occur.
Usually, most organizations have IT teams and specialized systems to protect employees when they’re at work. However, one of the risks with remote work – especially the forced and largely unplanned remote work we’re experiencing right now – is that organizations might not have the ability or protocols in place to manage the devices and networks of your employees at home.
Employees might be using personal or shared devices at home to access work systems from home, in addition to using their own personal networks. They might also be using new and potentially unvetted tools to communicate or do their jobs if needed. And they might be stressed, distracted or overwhelmed, making them more vulnerable to cyber threats like phishing and business email compromise emails disguised as entreaties or announcements from employers, government or other essential service providers. A single click on a malicious link by an unsuspecting employee can lead to a compromised network.
This is why cybersecurity awareness training is so critical, especially right now.
Threat aware employees are always the first line of defense against cyber intrusions, and too often, that defense needs strengthening. Training is a people-centric solution that creates a heightened awareness of threats, offering intelligent protection when technology can’t, or when technology fails. Cybersecurity awareness training, as you might expect, is an awareness-based program that provides cybersecurity fundamentals to your staff, oftentimes reinforcing that training through simulations of phishing, SMS incidents and other threats.
How to use awareness training for your remote workers
1. Provide dedicated training for teleworking and COVID-19 threats
Training curriculums often cover the basics, like social engineering, ransomware, and device security. But working from home presents new threats and risks which need to be educated on. Employers should be providing a course that covers topics like home network security and the risks with personal devices.
|Free resource: CIRA has developed a “cybersecurity for remote workers” course that is free for all Canadians to download to learn about how to protect yourself at home. Access it here.|
You can also create custom phishing tests that speak to the types of risks you might see from COVID-19 or working from home. We’re seeing lots of scams pretending to be government websites for financial relief, as well as CEO fraud asking for financial information.
2. Educate employees about new tools and policies
Awareness training can be about more than just phishing. You can use your training platform to teach your employees how to use new tools and follow new processes and policies you’ve developed in response to working from home.
For example, if you’ve released a new VPN to enable your staff to securely login to your work network, you can create a quick training course explaining how it works and how to install it. The added benefit of doing this in a platform instead of just sending out a company-wide email is that you can track who has seen the training so you can follow-up accordingly.
You can also incorporate your IT policies into your training materials inside a platform. We’re seeing lots of organizations implementing new work-from-home and acceptable device use policies. Connecting those with a training course provides additional context about why you’re introducing a new policy, making it more likely to be adopted by your staff
3. Gain insight into employee cybersecurity awareness and understanding
CIRA’s awareness training platform is unique in that it gives every user a risk score that changes based on their training and testing history. You can use these scores, as well as attitude surveys, to see how your staff are adapting to a world of remote work.
For example, you can watch the difference in training scores among staff before and after you’ve implemented a work-from-home policy. Many companies experience increased cyber incident report rates and phishing test failures among their staff during the transition to working from home.
You can also look at user surveys to see how attitudes and perceptions of certain risks change over time. For example, you could see your employees’ perceptions of the safety of cloud storage services change as they begin to rely on them more often for doing their work remotely. This could be an opportunity for you to provide training on those risks, or implement a secure solution for them.
Getting started with awareness training
Awareness training programs come in all shapes and sizes and can be designed to accommodate the unique needs of different organizations.
Webnames and CIRA on Thursday, April 23, 2020 10:00 AM – 10:45 AM PDT webinar covering:
- Evolving cybersecurity threats and WFH challenges arising from COVID-19
- What cybersecurity awareness training is and why it’s effective
- How to use cybersecurity awareness training to create threat-aware employees, protecting them and your business
We will also be covering the features and benefits you should be looking for in an awareness training platform, as well as talk about how to make your training program effective at changing employee behavior.
Recording of the webinar with CIRA:
This article deals with cybersecurity awareness training for staff in organizations. For website security and other aspects of online security for your business, we recommend using the Domain Security Scan tool.
This article was a collaboration between Webnames and Jon Lewis, Product Marketing at CIRA.