Mimecast: How COVID Highlighted the Value of Security Awareness Training

As work moved from the physical to the virtual to allow for social distancing during the COVID-19 pandemic, the need for cybersecurity increased. Confidential in-person meetings have been replaced with videoconferences using software that may not be secure, and employees have been accessing company networks from outside the office. With more targets for cyberthreats, effective security awareness training has become more vital than ever.
Employees working virtually need extra security awareness training
In order to safeguard data when employees do more work online, companies should address some of the most common cyber threats.
Phishing increases when companies rely more on email
Cyberthieves often steal sensitive information with phishing attacks. Phishing emails appear to be from a trusted sender, and they trick people into revealing sensitive information. As virtual work increases the need for email communications, opportunities for phishing increase.
Security awareness training teaches employees to recognize the signs of phishing, including:
Employees working from home can’t call over a co-worker for a quick opinion on a suspicious email. Without the ability to get an immediate second opinion, an employee is more likely to click on a malicious link.
Data created at home is more susceptible to hacking or data leaks
Employees need training in how to keep their home offices as secure as the company’s office. The following techniques should be covered in security awareness training:
Employees using personal devices may be more susceptible to ransomware
Ransomware is software that an attacker loads onto a computer to encrypt the data. The software installs on a computer when someone clicks on a link in the attacker’s email and then can’t access their data until they pay a ransom to the attacker.
If companies allow employees to use personal devices, they should require the use of anti-virus and anti-malware software. Employees should also be sure to back up company data regularly so they can access the backup and avoid needing to pay a ransom in the worst-case scenario.
Strategies for security awareness professionals
Some considerations for setting up a security awareness training program include:
Source: Mimecast