How do you keep your workforce cyber secure in a time of unprecedented change?
The coronavirus crisis has plunged us into unprecedented territory. We transact more of our lives online than ever before, whether it’s arranging our finances through online banking, or keeping abreast of the news on a day to day basis. And the way we work has changed as well: more of us are working from home, and relying on residential connections and everyday IT equipment to keep us safe online.
Employers are recognizing the risks implicit in this massive change of how we work, and so cybersecurity training is adapting to meet the new challenges that exist.
How training is changing
The main thing that training now has to take into consideration is the broader range of devices and methods that must be considered to keep systems safe. In a pre-covid world, the environment in which most employees worked was relatively tightly controlled. Access to work networks was limited to pre-vetted devices onto which proper security software was installed.
The work from home revolution has changed everything.
Now employees are often using third-party devices they use for casual browsing as well as work to connect remotely to work servers holding vital information. As a result, cybersecurity training now encapsulates how to securely browse the internet in your spare time, as well as during work hours.
The types of services and apps that employees need to be trained about is also increasing. Working from home has involved in many cases migrating to a new set of apps and services that are different to those used when colleagues share a physical workspace, and so routines, safety messages and more all need to be learned to adapt to the world of Zoom, Teams and Slack.
Email literacy is more important than ever
Some hard and fast rules that have been drilled into employees become more important than ever. Shorn of the security and assurance of colleagues to ask whether an email and its attachments appear suspicious, workers are required to be trained to be proactive in identifying risks and mitigating them.
That requires teaching them more about how phishing campaigns are launched and mounted, and how cybercriminals take advantage of social engineering skills to try and leverage their way into networks to siphon off information.
Becoming digitally literate about the potential risks out there is more important than ever.
Especially given that there is little oversight for remote employees, and the impact of giving up access to vital information on company servers can be enormous before the potential victim would even recognize what they’ve done.
Responsibility is the key watchword
As well as practical tips and advice, cybersecurity training in a post-covid world appears to be taking a more holistic approach, ensuring people feel more comfortable in taking responsibility for their actions and the potential ramifications of what they do online.
It’s making sure people take ownership and are aware of the implications of clicking on odd links and knowing that it could have a meaningful impact on the security of their company’s network. By doing so, it’s possible to make people think twice about their digital safety, and reconsider each action they do online for fear that it could have an effect on the future of their firm.