A greater focus on employee training is the foundation for organizations tackling a fast-changing cyber-threat landscape, according to Rayad Jawaheer, sales engineer at Bitdefender, speaking during the DTX Cyber Security Mini Summit.
The shift to remote working since the start of the COVID-19 pandemic has meant staff, and consequently their organizations, are at heightened risk of attack. This is primarily due to operating across potentially unsecured networks and devices, as well as having limited access to IT teams.
Although security technologies and good procedures have an important role in combatting the rise in attacks on remote workers that has been observed this year, they will only be effective if they are operated by an engaged and knowledgeable workforce. “Having policies and supporting them with tools can get you so far, but educating and training users on the best practices will help explain and outline why they need to follow the policy and use the tools,” said Jawaheer.
He added: “Essentially you want your employees to care about cybersecurity, not only at home, but for business use as well.”
He noted that although most organizations have some form of security awareness training for their employees, it is often irregular “and the content can become very quickly outdated.” He therefore recommended monthly training sessions to keep staff fully educated on the evolving threat landscape “and more importantly [on] what their responsibilities are when it comes to your company’s information security program.”
This includes engendering the same cautious attitude among staff while working from home as they have in the office.
As well as training, another crucial aspect of securing a remote workforce is having the right technological tools in place. Jawaheer noted: “Having a policy in place lets your employees know what they need to do and how to do it, but providing the right tools also reduces the risks of working remotely.”
The tools required can vary according to the type and size of the company. However, common examples include VPNs, to ensure network traffic is encrypted regardless of whether staff are on a public or private network; building encryption into security systems, to make sure it is harder for data to be pulled from a device if it is lost or stolen; and password managers, to allow staff to generate secure logins and to reduce the risk of the same password being used across multiple services.
While such steps can be taken to mitigate the risk of security incidents taking place, there is still every chance of breaches and other situations occurring, and organizations must be ready to respond. This involves taking a more proactive approach to discovering issues early on, according to Jawaheer. In particular, organizations should embrace analytics to alert them early on to possible threats and quicken their response time.
He added: “Essentially, if you take a more proactive approach to alerting, this in turn will strengthen your overall security posture across your network.”