Tailoring Enterprise Information Security Training and Awareness for Remote Working

The ongoing COVID-19 outbreak has compelled most organizations to roll out work from home arrangements. In the changed times, work no longer means being inside the office facing your computer. The increase in at-home working also puts organizations at a greater risk of cyber-attacks because home networks are generally not as securely configured as a corporate network. In such times, where employees are working in a changed environment, it is prudent to modify your organization’s security training and awareness program to accommodate this change.

The following elements, if introduced in the program, can help employees appreciate the risks associated with remote working in the current scenario:

1. Remote Working Trainings. The following training topics can be offered to employees as a refresher or in addition to the regular security trainings:
   1. Email security
   2. Multi-factor authentication
   3. Secure online collaboration
   4. Remote connection mechanisms
   5. Phishing
   6. Social engineering
   7. Handling confidential data outside office
2. Simulated Phishing Campaigns. By now, it is well known that COVID-19 themed phishing is targeting organizations and consumers massively. Simulated phishing emails on the same theme will help assess employee readiness to actual phishing emails. Employees who take the bait can be registered to take a mandatory training on identifying phishing emails.
3. Email Campaigns. Sending a variety of materials sequentially on the same topic helps build a communication chain with the employees and helps them understand risks in a better manner. Remote working email campaigns should aim to pass the message to employees through various mechanisms like videos, articles, blogs, FAQs and quick, easily digestible facts. Building a storyline or a connection between the materials would keep the reader engaged.
4. IT Security Weekly Tips on Remote Working. Everyone loves a quick tip. Weekly tips via email or the company’s intranet can convey useful working guidance on topics like: how to secure your home network; how to secure your mobile device; how to handle sensitive data at home; how to securely share information over the internet.
5. Other Digital Content. Computer wallpapers and screensavers, and floating banners over employee portals are some other means to spread awareness.

By employing these tweaks, the existing security training and awareness program can be enriched to not only address education on remote working security risks, but also enable employees to act safely with corporate devices and information no matter where they are working from.