Business Daily Media

Cybersecurity training in the era of remote work

  • Written by Josh Lemon, Certified Instructor and Course Author at SANS Institute

Before the pandemic, IT managers had the comfort of knowing employees were working in the office within a secured network. This gave organisations the security of company documents being saved on internal systems, collaboration taking place securely, and the ability to control the risk of networks getting compromised. However, the shift to remote working in March 2020 required employees to use their home Wi-Fi and ultimately work within an uncontrolled or monitored security environment.

In fact, since March 2020, the past three notifiable data breach reports from the Office of the Australian Information Commissioner (OAIC) revealed there had been 1,503 data breaches reported with malicious or criminal attacks accounting for the majority of these breaches. Given the prevalence of cyberattacks since the start of the remote working era, organisations must develop a cyber-resilient culture that starts with education.

Communicating cybersecurity risk to employees

According to the most recent OAIC report, 43 per cent of the reported data breaches resulted from cybersecurity incidents, with phishing incidents the main perpetrator. Phishing is a method of attack where threat actors portray to be someone they’re not with a specific call to action (phishing lure) that compromises a system or financial gain for the threat actor. These phishing lures can be a request for funds or information; for example, the “CEO” asking a financial controller to send funds to a specified account. The urgency often portrayed in these emails can cause people to take action without realising something isn’t right.

However, for employees to stay vigilant during a phishing attempt, they need to know what to look out for.

Cybercriminals are getting better and sophisticated at social engineering and putting more time and effort into researching their targets, such as learning names, titles, and employee responsibilities, making their attempts much more believable.

A starting point for employees should be to review the sender’s email domain and their ‘reply to’ domain address. Most organisations have a specific email domain, so an address ending with ‘@gmail.com’ can indicate a phishing attempt. Even slight variations to an email domain can make a huge difference, so don’t be fooled into thinking @g0v.au is trustworthy—it’s very different from @gov.au.

In addition to email domains, employees should be vigilant in opening attachments or clicking on links. Attachments should only be opened from trusted sources and when absolutely necessary, while links should always be treated with caution. Doing a quick Google search of a website URL to confirm it’s legitimate can mean the difference between an organisation’s entire system being locked and business-as-usual.

How to lead a remote cyber training session

To develop cyber resilience and an educated workforce, organisations must implement a regular training program that ensures employees are equipped with the skills and know-how to identify attacks and apply best practices.

In addition, there must be a transparent process in place that guides the organisation on appropriate next steps when an attack has occurred. I recommend businesses adopt the MITRE’s Cyber Exercise Playbook to help organisations plan and run tabletop exercises.

When an organisation is under attack, every department and employee has a role in the recovery effort. Incident response tabletops are designed to test the effectiveness of an organisation’s security program, from its cyber defensive processes, recovery procedures, to cyber preparedness prior to a cyberattack. They can help identify weak points in an organisation and further indicate gaps in processes or knowledge, allowing organisations to better focus future cybersecurity training.

Simulating an organisation’s cybersecurity procedures via an incident response tabletop can help in reducing the impact of a cyberattack on organisations, while providing additional benefits to employees:

  1. Validation: Implementing such procedures allows an organisation the opportunity to educate employees on the organisation’s guidelines for cybersecurity responses

  2. Situational awareness: It is essential to update employees on new tactics threat actors use when they are trying to infiltrate an organisation. Employees will be better equipped with the skills needed to identify cyber threats.

  3. Team building: In the time of remote working, employees lose the physical interactions with their colleagues, so engaging in meetings where employees can discuss strategies used while working remotely can unify team members

With many Australians living in and out of government lockdowns, organisations must lead frequent cybersecurity training sessions to mitigate their chances of data breaches and encourage employee accountability to embrace the increased risks of cyberattacks in the era of remote work.

Business Today

Utilising communication tech to alleviate employee burn out

Hybrid work solidified into the business model in 2021 – plain and simple. Jabra research revealed 42 per cent of employees last year requested leadership to help make their virtual workspace more comfortable. Employees are ...

Space Machines readies for liftoff securing launch services deal with SpaceX

SpaceX to carry Space Machines' Optimus Orbital Transfer Vehicle as part of its April 2023 mission. Optimus is one of the largest spacecraft built in Australia and furthers Australia’s sovereign capabilities toward in-space...

Deliver business benefits through operational excellence

As Australian businesses emerge from the pandemic lockdowns and draw up plans for growth, increasing numbers are adopting a strategy of operational excellence. Operational excellence involves everyone in an organisation and f...

Modern slavery conference to take on the criminal enterprises and address global injustices

Influential experts from around the world will take part in a unique international online summit targeting modern slavery being hosted by Australian charity Freedom for Humanity later this month. Modern slavery is a process...

Unit4 Appoints Tania Garrett as Chief People Officer

 Unit4, a leader in enterprise cloud applications for people-centric organisations, today announced the appointment of Tania Garrett as Chief People Officer. Tania will oversee the company’s people success function wh...

FIVE reasons why you should set up an instant office instead of a fixed lease

Australia is now on the cusp of very volatile economic period. As the world tries to pick up the pieces after two years of global lockdowns and constant setbacks, we continue to face the aftermath of COVID on many levels. Acc...

Business Daily Media Business Development

Utilising communication tech to alleviate employee burn out

Hybrid work solidified into the business model in 2021 – plain and simple. Jabra research revealed 42 per cent of employees last year requested leadership to help make their virtual wo...

David Piggott, Managing Director ANZ at Jabra - avatar David Piggott, Managing Director ANZ at Jabra

Space Machines readies for liftoff securing launch services deal with SpaceX

SpaceX to carry Space Machines' Optimus Orbital Transfer Vehicle as part of its April 2023 mission. Optimus is one of the largest spacecraft built in Australia and furthers Australia’...

Business Daily Media - avatar Business Daily Media

India's employee hostels are often like prisons – but young women garment workers don't always see it that way

Kavitha, 18, earns a living at a clothing factory in the southern Indian state of Tamil Nadu. Like many of her colleagues, she lives in accommodation provided by the factory, where she share...

Andrew Crane, Professor of Business and Society, University of Bath - avatar Andrew Crane, Professor of Business and Society, University of Bath

Shortage of workers threatens UK recovery – here’s why and what to do about it

For the first time since records began, there are more job vacancies in the UK than unemployed people, according to the latest monthly labour market figures. This has been driven mainly by a...

Donald Houston, Professor of Economic Geography, University of Portsmouth - avatar Donald Houston, Professor of Economic Geography, University of Portsmouth

A central bank digital euro could save the eurozone – here's how

Blockchain bailout?4K_HeavenThe European Central Bank and its counterparts in the UK, US, China and India are exploring a new form of state-backed money built on similar online ledger techno...

Guido Cozzi, Professor of Macroeconomics, University of St.Gallen - avatar Guido Cozzi, Professor of Macroeconomics, University of St.Gallen

Deliver business benefits through operational excellence

As Australian businesses emerge from the pandemic lockdowns and draw up plans for growth, increasing numbers are adopting a strategy of operational excellence. Operational excellence in...

Chris Ellis, Director Pre-Sales at Nintex - avatar Chris Ellis, Director Pre-Sales at Nintex



NewsServices.com

Content & Technology Connecting Global Audiences

More Information - Less Opinion