Cybersecurity threats of all kinds have been on the rise since the start of the COVID-19 pandemic, in part because cybercriminals see an opportunity to exploit the unprecedented numbers of people working from home. More than one-third of employers in one recent survey said they have experienced a security incident because of a remote worker’s actions.
Remote workers are inviting targets because they lack many of the protections that exist in a secure office environment. Furthermore, research suggests that few at-home workers are savvy enough to take proper precautions without extensive guidance from security professionals.
A new study from Proofpoint paints a disturbing picture of the lack of security awareness among end-users. The survey of more than 3,500 working adults found that many lack fundamental cybersecurity knowledge and fail to follow security best practices. Some of those findings include:
- 90 percent admit they use employer-issued devices for personal activities.
- 66 percent believe that antivirus software will prevent all cyberattacks.
- 51 percent believe the company IT team will be notified automatically if they accidentally install a virus or other malicious software.
- Poor password practices are common, with 45 percent admitting they reuse passwords and 51 percent reporting they do not password-protect their home Wi-Fi networks.
- Large numbers of users can’t define ransomware (69 percent), phishing (39 percent), or malware (34 percent).
Building User-Centric Security
With remote work likely to remain standard operating procedure for the foreseeable future, organizations must take steps to improve the security practices of their remote workers. While that likely will require additional investments in endpoint security, web filtering, and other technologies, organizations must complement those tools with comprehensive employee training and education programs.
It’s hard to overstate the importance of a user-centric approach to cybersecurity. Worldwide cybersecurity budgets are approaching $130 billion annually, yet cybercrime continues to grow unabated, with most data breaches caused by human error. Consistent training and education programs reinforce that security is a core company value and help boost employee diligence.
Phishing awareness should be a core topic in any education program. The use of fraudulent emails to obtain sensitive information is a gateway attack that sets the stage for a variety of additional threats such as ransomware, data exfiltration, and more. Industry analysts say roughly one-third of all cyberattacks begin with phishing.
Spot the Warning Signs
Training materials should remind remote workers of three essential practices for avoiding phishing attacks: don’t open emails from senders you don’t recognize, don’t click on email links if you aren’t certain they are legitimate, and don’t open email attachments unless they are expected and come from a trusted source. Teach them the telltale signs of a phishing scam: emails with spelling, grammar, logic and syntax errors should raise red flags. Test employees with simulated phishing emails to see if they can recognize current threats and techniques.
Safe web surfing, proper password practices, mobile device security and secure Wi-Fi use are other topics that should be covered in your training programs. Company intranets or self-service portals are great platforms for conducting instructor-led classes, webinars and video training sessions, and creating a library of security awareness content.
Mainstream Technologies can help you establish a comprehensive employee education program through our alliance with KnowBe4, the world’s largest security awareness training platform. KnowBe4’s training modules were designed with the help of Kevin Mitnick, the one-time hacker and now internationally recognized cybersecurity specialist. Contact Mainstream Technologies to learn more about establishing a program to improve the security of your remote workforce.