EXECUTIVE SUMMARY:

Cyber security awareness training for employees is widely considered a top strategy in preventing cyber attacks. But nearly 50% of organizations fail to provide staff with cyber security training. In the age of hybrid and distributed work, this oversight could lead to dangerous and costly outcomes.

Research indicates that, in the post-pandemic world, at least 35% of traditionally office-based employees will continue to leverage a hybrid working approach. Most will work 2-3 days from home per week. A full 12% of employees intend to remain remote full-time, while 11% wish to primarily work from home long-term. All of this means new productivity gains, but it could also mean gains for hackers due to relentless cyber attacks and inadequate cyber security awareness training.

To strengthen the first line of cyber defense (the human factor) in the age of distributed work, organizations may wish to offer:

Department-specific training. The inbound threats directed towards the HR team could look quite distinct from those lobbed towards the financial department. Each departmental unit should have a sense of which threat types to look for. Offering cyber security awareness training in small, “single-department-only” sessions can help leaders and learners address the topic of department-specific threats.

Phishing training for everyone. Eighty percent of reported cyber security incidents consist of phishing attacks. And, as you know, these schemes are maturing in sophistication. After offering information about phishing attacks to your employees, consider deploying software that can help you replicate actual phishing attempts. This tactic can show you where your training blind spots were. Just be sure to avoid shaming or otherwise embarrassing employees who fell for the simulation.

Insider threat training. Cyber security teams primarily focus on external threats. However, potential security threats may also derive from insiders. In one infamous example, a former employee of a credit union pleaded guilty to unauthorized information access and subsequent data destruction. Within 40 minutes, 20,000 documents disappeared. Insider threats can manifest in a variety of different forms, as inside threat actors have divergent sources of motivation. Both awareness training and the principles of zero-trust can help organizations avoid falling victim to insider threats.

Mobile threat awareness training. As an increasing number of employees have begun to use personal devices for work purposes, employers are under obligation to provide strong cyber security mechanisms that can be added to apps and devices. Alternatively, some experts encourage organizations to provide employees with secure work-only devices. Whatever your organization opts for, ensure that your mobile-minded employees are aware of phone scams, text message scams, and other uniquely mobile threats.

Cyber security awareness training for the distributed workforce might require a bit of an unconventional approach, as it’s new territory for many organizations. Distributed working environments, new technologies and advanced cyber threats can, together, increase the risk of cyber attack. Focus on a prevention-first strategy and provide the right training for your virtual employees.

For more insights into cyber security awareness training for the distributed workforce, see our article titled How to Create a Security Awareness Program that Employees will Enjoy.