According to a Digital Defense Report published by Microsoft in 2021, the private industry's support of remote work, in addition to factors introduced by the COVID-19 pandemic, has made remote workers a lot more susceptible to the actions of cybercriminals. Per the 2021 Microsoft report, "While most industries made the shift to remote work due to the pandemic, it created new attack surfaces for cybercriminals to take advantage of, such as home devices being used for business purposes."
As you can infer, for companies
that employ remote workers, it is important to implement training measures that teach them all about various cybersecurity dangers. But what should the training process look like?
Let's explore some areas of consideration for your training process. These suggestions have been put forth by SANS Security Awareness in its Security Awareness Deployment Guide that covers how to securely work from home. The SANS guide outlines the core cybersecurity risks that remote employees are most likely to face as they work from the comfort of their homes.
Risk No. 1: Social engineering attacks
Social engineering attacks are one of the most dangerous and frequent risks that remote workers face while on the job from home. In essence, social engineering risks refer to situations where remote workers face psychological attacks. In these instances, the social engineering perpetrator tricks remote workers into making mistakes.
The perpetrators do this by taking advantage of vulnerabilities that remote workers deal with during difficult times involving a lot of change. You can think of the COVID-19 pandemic as a prime example of a time when social engineering risks were very prominent.
However, rather than focusing strictly on phishing attacks via email, it is important that employers pay attention to other modes of social engineering attacks, such as via text, over the phone, on social media and through the spread of fake news.
Risk No. 2: Not having strong passwords
A main cause of global data breaches is none other than weak passwords. Though not the only contributing factor, weak passwords put remote workers at risk of having their information stolen or compromised. To counter the likelihood of your remote employees being subjected to data breaches, make sure you train them on the importance of strong passwords and how they can reduce password-related risks.
During the training period, consider addressing the following points:
- Setting up extra security measures, such as passphrases.
- Establishing unique passwords for every online account.
- Utilizing password managers.
- Enrolling in multifactor or two-factor authentication.
Risk No. 3: Using outdated systems instead of updating them
Something else to keep in mind is that out-of-date technologies are gold mines for cybercriminals who want to target remote workers. To combat this, take measures to ensure that the operating systems, online applications, mobile applications and other forms of technologies that are used by your remote employees are always updated.
Also, remote employees who use their own personal devices for work-related tasks should be advised about the importance of keeping their systems updated too. For example, remote workers can enable automatic updates, which is especially helpful if updating devices is something your remote workers put off or forget to manually do.
3 more cybersecurity topics to cover in training
For starters, you'll want to let your employees know about the importance of identifying and addressing suspicious online activity. Let your employees know what suspicious activity looks like and how they can report any suspicious activity they see.
From there, let your employees know that if they work remotely outside their own homes, they are still in harm's way given the public nature of their workplace. As such, make sure they consider the cybersecurity threats associated with their daily work routines.
Finally, inform your remote workers about the importance of keeping their work-related technology private. Relay the fact that they should not let unauthorized persons access their work-related technology, including family and friends.
Make it a point to offer cybersecurity training to all remote employees
Training new remote employees on all things cybersecurity during orientation is always a wise idea. For remote employees who have been with your company for a longer period of time, make sure you provide training periodically so that your long-term remote employees are educated on critical cybersecurity developments as they arise.
To ensure that the training you provide to your employees is accurate, up to date and thorough, consider hosting training sessions that are led by remote-work cybersecurity experts.