Last year I was going to write an article about being squeezed up next to somebody else on an airplane and how easy it was to see everything they were doing on their computer. As a security awareness trainer I was curious what a bad actor might be able to discover and take advantage of in such a situation. It was enough that I could have put together an extremely well targeted spear phish directly to that executive!
Now, times have changed. Most of us probably have no need for a privacy screen on a computer! But we all know these times have their own challenges, and they’re just as acute. Today, you’re facing three questions.
- What threats does your organization face in the current environment?
- What does your staff need to know to work securely from home?
- How can you provide that learning?
Take a look at our free security kit and phishing test now for immediate action, and read our recommendations here for increasing safety in remote work.
Beware COVID-related scams
How many times a day do you receive new links to sites with COVID-19 information? Scams and malware sites have increased 350% since the start of COVID-19.
This means you need to increase your efforts to educate staff about going only to sites with trusted information. That can include providing your staff with information about the sites you trust and recommend.
A simple solution could be to compile a page of trusted sites for staff to reference and ensure they know to go there for the sites you recommend instead of accidentally accessing sites with malware. The trick is getting that information out.
These scams also come through phishing campaigns – a hack that uses fraudulent email to direct your employees to enter personal or company information at a fake website that looks legitimate.
To protect your company and client information from phishing, you need to raise awareness about the threat and train employees to recognize phish even when it looks convincing.
One of the most impactful education solutions is to use phishing simulation software. By customizing the simulation content to contain COVID-19 information you can determine how many people are interacting with phish and provide just-in-time learning for those staff that do.
Secure online meetings
Online meetings are now the norm with reports of up to a 500% increase in the use of Microsoft Teams Meetings. And not only are your employees working from home. They may be exchanging information over networks shared by family members or the public.
GoToMeeting, Microsoft Teams, Skype for Business, Zoom, whatever solution your organization uses, you need your users to be familiar with all of your company’s security tools and how to use them. You can also provide recommendations on joining meetings external to your organization. A single link distributed publicly is an invitation to have unknown participants join a meeting and share malware links, yell profanity, or display racist or pornographic material.
Employees also have a tech stack at home including routers, WIFI, and data providers. And it’s probably been set up at lower security standards than you would accept at work.
Online meeting safety requires user education for employees. To create real security, that means training programs on tools, or at least best practice guides for common tasks. In addition, employees need instructions or a checklist for making their home technology as secure as possible.
Teach Cyber Security in a way your employees won’t ignore
As a learning initiative then, to protect your data and your customers’, you need
- A base–level training that educates employees on fundamental precautions they should take while working at home.
- Information on phishing scams.
- Checklists or reminders on setting up safety precautions at home.
In the scramble to share critical knowledge with your staff, the easiest solution may be to write content to publish internally and possibly follow that up with an email.
It’s critical though that employees take notice and take your materials seriously. And, to make it stick, you’ll need to follow that up with additional learning opportunities.
Educational content with interactive materials and small chunks of information over time is one of the most effective delivery mechanisms. Customizing content to your organization and job roles, making it more relevant and accessible to learners, is even more impactful.
That may seem like a tough prescription, particularly in the midst of the upset of moving employees and business processes.
If you’d like help, Kalles Group is here for you.
We’ve teamed up with InfoSec Institute to provide you with a complete security kit for employees working remotely. Kalles Group will even manage a phishing risk test to gauge your vulnerability to phishing threats directed at your remote workforce.