Now that many employees might be working from home (WFH) for much longer than anticipated when the COVID-19 pandemic was first declared, many cybersecurity teams will need to revisit end-user cybersecurity training.
For example, a survey of end users who work for small businesses notes that when the pandemic hit, only one-third of employees (34%) received instructions on how to work securely on personal laptops, tablets, and smartphones.
A separate survey of remote workers published by CyberArk finds 77 percent of remote employees are using unmanaged devices to access corporate systems. More troubling still, the same survey finds 93 percent have reused passwords across applications and devices, with 37 percent insecurely saving passwords in browsers.
Nearly a third (29%) also admit they allow other members of their household to use their corporate devices for activities such as schoolwork, gaming, and shopping, the survey finds.
At the same time, a CyberArk survey of IT professionals finds 94 percent of respondents are confident in their ability to secure the new remote workforce, even though 40 percent said they have not increased their security protocols.
That’s likely to be especially problematic as cybercriminals step up their efforts. A report from Bolster, which employs deep learning algorithms to identify fraudulent activity, shows that 854,441 confirmed phishing and counterfeit pages were discovered in the first three months of 2020, with another four million pages deemed potentially suspicious. Given all the employees concerned about the pandemic, the odds are good one of them is going to click on something they shouldn’t.
Online security training options
The best defense against phishing attacks and other types of aberrant end-user behavior is training. Naturally, that’s hard for cybersecurity professionals to do themselves when they too are working from home. As such, cybersecurity teams might want to consider signing up more end users for online training. Phishing simulation training platforms delivered as a cloud service, for example, can easily be accessed remotely by end users.
Given the economic downturn brought on by the COVID-19 pandemic, chances are good many employees have more time for training. The challenge is making that training more accessible at a time when many of those employees might otherwise be distracted easily. Many employees are working extended hours as they try to wrap their jobs around any number of personal pursuits and family responsibilities. Fortunately, online training is one of those things that can be consumed at any hour of the day.
Cybersecurity professionals are all too familiar with the inherent risks associated with WFH. The challenge now is to find ways to minimize those risks at a minimal cost. Most business leaders are not going to be receptive to a major increase in cybersecurity spending until the economic climate becomes more certain. That makes training a more attractive option that can be made available as part of a larger human resources effort to keep employees engaged.
When it comes to cybersecurity, there is no substitute for the fundamentals. The most effective way to mitigate any threat is to make as many employees aware of it as possible. Arguably, there might never be a better time to train employees than at a time when many of them might have a little extra time on their hands.
Mike Vizard has covered IT for more than 25 years, and has edited or contributed to a number of tech publications including InfoWorld, eWeek, CRN, Baseline, ComputerWorld, TMCNet and Digital Review. He currently blogs for IT Business Edge and contributes to CIOinsight, The Channel Insider, Programmableweb and Slashdot. Mike also blogs about emerging cloud technology for SmarterMSP.