What are the security risks of the remote workforce?
According to a survey of 6,000 employees by Kaspersky, 73% of employees working remotely “have not yet received any specific cybersecurity awareness guidance or training from their employer.”
Adding to that is the fact that 27% reported already receiving COVID-19 related phishing emails.
Those are some scary statistics. And what about technological gaps that have appeared?
Technological risks have grown with remote work
Working from home changes everything about your environment, physically and digitally.
As we’ve learned, that change can actually benefit employees when it comes to productivity and mental health.
However, working home comes with inherent technology security risks, particularly given how fast the transition occurred in the midst of COVID-19. Many organizations scrambled to prepare.
You have to plan for the things you aren’t thinking of. That’s really critical.”
This reality makes security awareness even more important where working from home is concerned.
Why security awareness is critical, including for remote employees
Ryan Kalember, EVP of Cybersecurity Strategy at Proofpoint, discussed the crucial nature of security awareness during the opening keynote of the joint Proofpoint and SecureWorld eSummit:
“When we looked at the data on how the attackers’ techniques actually work, we realized that 99 plus percent of it relies on social engineering; it doesn’t rely on technical vulnerabilities anymore.
You want to know who would actually fall for those threats, who might click on malicious links. And not all users are created equal.”
When considering those who are very attacked people within an organisation, this is how Kalember explains things:
“There is a tiny little sliver of users at the very top, they get almost all the interesting attack activity. That might be 50 people, that might be 250 people depending on your organisation, but you are going to see a cluster of people that are much more appealing to the attackers than everybody else. Understand who those people are and how you can better protect them.
Maybe even better than that, learn how they think and how you might exhibit empathy as a cybersecurity practitioner, and then achieve better risk management outcomes for your organization.”
Remote work means changes in how we communicate about security
While the shift to remote work comes with risk, it also poses a new security opportunity.
Mike Bailey, Sr. Product Manager for Proofpoint, covered this idea during a recent SecureWorld web conference:
“It’s really creating that new opportunity. If you’re a security department, you say I want to educate people, want to make sure they’re safe while at home. I want to connect with new channels. It’s the perfect time to email your staff, to email your HR partners, to email other departments and say, ‘How can we work together now?’ It just has shifted everybody professionally, their attitudes on working and work life balance, and the things you can do to help end-users. And that’s probably one of the biggest silver linings we’re seeing from the pandemic.”
This includes knowing how to communicate with the security team if an employee thinks they could be experiencing a cyber incident.
Now is the time to reframe cybersecurity through the work-from-home lens.