Here’s how you can help your remote working heroes shore up their phishing defences – Now!
More critical than ever before in light of COVID-19, cybersecurity awareness training is the best way to provide your remote working team with the knowledge they need to fight phishing with force.
Whether your business continuity plan was non-existent, half-baked or fully built out pre-COVID-19, the en masse ramp-up to remote working has pushed businesses well beyond any previous remote working comfort zones they may have had and propelled them into a whole new kind of normal.
Business continuity in peace time is no easy feat. But in the rush to get battle-ready COVID-19 style, there are a multitude of steps that have been skipped, circumvented and side-tracked in the quest to get everyone ready to withstand the uncertain months ahead.
Now that your team may have settled into some kind of new working-from-home normal, it’s time to circle back around and consider a very important question around your IT security provisions.
Does having your team working from home change your exposure to cyber threats?
The short answer is yes – more so than you may realise. Here’s why…
Why is your team more cyber exposed working from home?
The moment your team started working from home, your organisation’s digital perimeter expanded outwards, taking with it access to your data, systems and assets, right into the home offices of every one of your people.
Add into the mix a cocktail of under-specced devices, unplanned data storage, a lack of remote working backup provisions, and reports of a 14,000% (!!!) surge in COVID-19 related phishing attacks over the last few months, and you see how your IT security threat landscape has just expanded exponentially alongside the move to remote working.
What’s the weakest link in your digital perimeter?
The one thing we already know is that people are the absolute weakest link in IT security protections – whether they’re at home or at the office. And not just employees – your contractors, your managers, your executive team – even your board – are all prime candidates for human-error-based data breaches!
Year after year, updated cyberthreat statistics show that the number-one way attackers are gaining access to your systems and data is through HUMAN error. A whopping 91% of data breaches occur despite up-to-date security protections being in place, with some studies showing human error as a factor in over 92% of all data breaches.
What does human error look like, exactly?
- An employee clicking on a seemingly legitimate, “click here to view or download this important document” link in an email and then inputting their log-in credentials onto a convincing but fake landing page.
- Using overly simple, easily guessable passwords, and using the same password across multiple services.
- An executive actioning a payment request from an email address that looks like it’s from a colleague or someone they think they know and trust.
- An overworked or stressed team member powering through their inbox without realising that those tax-time or online shopping delivery notification emails they’re receiving are not for them.
Sound familiar? (That’s OK – we won’t ask for a show of hands.)
What is cybersecurity awareness training and why does your team need it?
You may already be reviewing and upgrading your WFH IT security systems and protections, but don’t stop there. Leaving out the security awareness and training piece of the puzzle means that you are failing to address the number one risk factor – simple, unintentional errors of judgement made by your people as they balance working from home, remote schooling, new schedules, and new work delivery schedules.
And here is the real kicker – attacks designed to prey on our human vulnerabilities target absolutely everyone in your organisation. No one is immune and every single person poses a “human error” risk – board members, managers, the IT guy and team members alike.
By arming your people with the knowledge and training to avoid common security mistakes, you can drastically reduce your likelihood of experiencing a cyber security incident – plus you’ll have the metrics and security scores to prove that you’re actually improving awareness and good cybersecurity practices across your business.
“But we trust our team…I wouldn’t want them to think we are pointing fingers or trying to catch them out…”
It’s important to reassure your team that we’re not talking about the traditional notion of trust here – we’re talking about a concept known as ZERO Trust. What does that mean? It’s about shoring up your organisation’s cyber defences by teaching your end users NOT to trust.
What can you expect from a security awareness and breach prevention program?
Once you’ve decided that you want to provide regular cybersecurity awareness training to your team, your staff will:
- Learn firsthand how to identify a phishing email and when not to click a link.
- Understand exactly what happens if they do click on a malicious link and how that action exposes themselves and the business.
- Gain insights into the types of language used to evoke panic and how criminals engage social engineering tactics to play on our human vulnerabilities.
- Get access to regular, ongoing, targeted training models to continuously level up their security awareness and skills.
And for your business as a whole, a security awareness and breach prevention platform will give you the opportunity to:
- Provide low-touch, automated, regular and staggered phishing and malicious email-based simulations across your team.
- Give your team access to quality, engaging, up-to-date cybersecurity training and a way to track their progress.
- Track and measure individual results, organisation-wide results and your business’ overall security score to use for extended learning, training, and even performance management discussions.
Remember that 14,000% stat we cited earlier? It’s time to look at how a security awareness and breach prevention platform will help you build your own zero-trust phishing force field.