Discussing Cyber Threats With Your Remote Team
In our recent report, The Impact of Covid-19 on the UK Information and Cyber Security Sector, we explored the rising rate of cyber security threats and attacks that companies across a broad range of industries were facing due to company-wide remote working.
While many organisations were proactive in building up their cyber security teams to protect their sensitive data, many still have not connected the dots between a lack of in-house awareness of cyber threats and the danger this places their company in.
As remote or flexible working that splits employee time between the office and the home is likely to become the norm, it’s important to start educating your remote staff in the fundamentals of cyber security to ensure the safety of your data and client information.
Security issues with working remotely
Many principal cyber security threats emerged in the early stages of the pandemic due to the pressures of the en masse move to remote working caused by:
- A lack of cyber awareness training in-house
- Inadequate equipment
- Weak Wi-Fi with poorly secure connections
- VPN misconfigurations
- Firewall misconfigurations
- Unsafe user privileges
- Businesses in a state of flux prioritising restructuring
- A lack of cybersecurity expertise in-house
- Neglecting regulatory framework
Security awareness topics 2021
However, due to the reactive, ever-varied and ever-evolving nature of cyber attacks, they have found ways to get around many of the initial cyber security measures put in place since the pandemic. Cyber threats still posing problems to remote teams and jeopardising company data and information include:
- Phishing
- VPN brute force attacks
- Malware, spamming or viruses
- Intellectual property theft
- Bypassing multi-factor authentication processes
Organisations not only need to have a proactive approach to cyber security, they also need to inform their employees of the dangers and risks posed when they’re working remotely.
How to maintain security when employees work remotely
As mentioned, cyber attacks are constantly evolving and becoming increasingly sophisticated and have the potential to appear to your employees as completely harmless emails, pop ups or sites that seem familiar. This can result in innocent mistakes with serious consequences.
One of the best ways to educate your remote employees is to deliver regular communications that inform them of the current cyber risks they should be aware of and vigilant towards. This can take the form of a weekly, fortnightly or monthly email from your information security team or leader, or you could hold regular employee security awareness training, a short video conference detailing the threats to be aware of and how to avoid them.
Employee security awareness training
Some basic cyber awareness guidance to cover with your remote employees include:
Be cautious with emails
Many emails may look like they’ve come from the internal server and from someone within the company – be sure to check the email address and be wary of links and attachments.
Only use trusted sources
Legitimate, up-to-date, fact-based information on websites that aren’t overly populated with pop ups are typically safe. Encourage employees to pay attention to any risks raised by anti-virus software.
Do not share personal or company information
Personal, client, security or financial information should not be shared with untrusted sites or from unknown email requests.
Whilst discussing remote cyber security threats may create some anxiety among your team or employees, reassuring them that your cyber security leader, department or team are constantly monitoring the situation and are trained and aware of the ever-changing landscape of cyber security attacks will reassure them.
Building your cyber security team
Having a proficient and technically astute cyber security function comprised of exceptional cyber security professionals is key to supporting ongoing remote or flexible working.
Barclay Simpson is an international recruitment consultancy that specialises in recruiting professionals for the interrelated disciplines of Governance, namely Information/IT Security, Risk, Resilience, Audit, Compliance, Legal and Treasury. When you’re looking to build and secure your organisation for the future, Barclay Simpson can help you quickly build a technically proficient cyber security offering and team.
Get in touch for support in hiring cybersecurity professionals