Cyberattacks have been steadily increasing over the past decade. However, over the span of 2020, the industry has seen an unprecedented rise of cyberattacks on businesses.
Although a gradual increase over time is expected, this current massive increase can be attributed to attackers capitalizing on the Covid-19 pandemic and the shift of the remote workforce.
The Initial Remote Work Challenge
It was challenging for businesses to pivot almost overnight to a secure remote environment. The security risks had to be assessed, looking at both corporate networks as well as employees’ remote environments. Then, ensuring employees had the right tools to work efficiently, along with additional security protocols in place to keep company data protected.
What Does Remote Work Look Like in 2020?
After almost half a year of the pandemic, businesses have deployed secure remote work environments for their employees. Provisioning hardware to keep their staff agile and incorporating new security processes and policies. However, the most vulnerable component that plays an important role in the overall cybersecurity strategy, is the end user.
Users are central to cybersecurity because they can be the target, problem and solution. They are targeted by cybercriminals who seek ways to exploit user’s curiosity. With the most advanced hardware and software protecting the perimeter of your network, an attack launched from within the network by an employee who is a victim of an email-based phishing campaign can prove to be detrimental to your business. However, through awareness and education employees can help prevent a cyberattack.
A recent IBM survey of business professionals has found that individuals who are new to remote work pose a serious risk to their employer. This is because 45% of them said they haven’t received any additional security training since going remote. 54% also said they are unaware of any new policies put in place to protect their virtual meetings.
These numbers pose a serious threat. Without awareness or education on the vulnerabilities of working remotely it leaves employees disadvantaged and ill-prepared against attackers, who specifically target end users.
How do Employers take a Holistic approach to Cybersecurity?
It is the business’s responsibility to ensure their employees have all the tools they need to empower them to be the solution and not the problem. But what does actual good training entail? What is enough? A good formula entails a base knowledge of cybersecurity, threats, hackers, phishing and all the other hot button topics. After a base understanding is developed, consistent updates and reminders of the current threats and what is currently popular among hackers will help to solidify newly adopted security behaviours.
Instead of mandatory annual training where all the information is dumped at once and possibly just goes in one ear and out the other, another approach is to hold training sessions spread out over time, in digestible amounts.
Knowing that employees learn in different ways, the employer’s approach for training should let them learn at their own pace and in diverse ways.
Whether it be weekly newsletters from the IT department, or following certain accounts on social media that deliver current cybersecurity news, having constant reminders about these threats help nurture safer computing habits by employees.
For example, some cybersecurity social media accounts to follow on twitter are:
- @TheCyberSecHub
- @TechRepublic
- And of course, Clarity’s account @Clarityhs!
Your employees play an integral part in the security of your business. Taking a holistic approach to your cybersecurity strategy ensures your company’s data remains secure and safe.