Cybercrime has skyrocketed during the pandemic, as untrained remote workers adapt to new environments and learn to do things that they’re not used to doing.
“All kinds of figures come across my desk every day on how hacking, malware and exploits have increased exponentially since the pandemic started,” said Tim O'Connor, Knowledge Services Manager at Cadre. “Attacks have tripled. Just recently, I saw a note that there have now been 404 million new malware infections spotted since this started.”
Ransomware has also gone up and social engineering attacks are now leveraging COVID-19, according to a recent FBI announcement. It’s identified hundreds of social engineering attacks where people have made domains that look like health reporting sites or official COVID-19 information sites. They're run by evil hackers to try and get users to download infected documents.
They’re also exploiting the communication gap between employees and employers. Employees no longer have the ability to walk down the hall and say, “Hey, are you sure you want me to wire this money?” So, evil hackers are leveraging social engineering, confusing people with these kinds of attacks and getting people to do things that will cause compromise or damage to an organization.
The network security ecosystem is ripe for cyber criminals
Even the harmless child is an insider threat in the remote work environment. What happens when the remote-working-parent steps away from the corporate laptop to refuel caffeine? I bet that the kiddos will curiously plug away in its browser or launch an otherwise fun game.
Remote workers no longer have the protection of their corporate firewalls and services. Many home offices will have misconfigured routers or networks, and their home network might already be compromised.
Many remote workers are moving information between corporate devices and personal devices. In many instances, people's corporate computers don't have a printer driver for a printer that's used in the home environment. So, they send protected corporate documents that should never leave the corporate laptop over to their home computer for printing. There's all kinds of issues and violations that can happen in this situation.
Remote training is the best tool to protect your data
Your organization’s information security is in the clutch of bad actors. This threat is elevated by an untrained remote workforce.
The good news: Most training now can be done virtually, and it is very feasible. But it also requires a specialized skillset, and comes with unique challenges.
It’s critical that the trainer is fluent in the training material, tools, adult education, how to communicate, and how to evaluate that people are learning the necessary skills to work remotely.
You must have a well-designed digital classroom environment to optimize the learning experience, and to ensure students retain pertinent information. Keep off-the-shelf meeting software like Zoom and Microsoft Teams ON the shelf – they’re not effective.
Students will have distractions at home. Their homes might not have good internet bandwidth, or they might be sharing that bandwidth with other people in the home, interfering with video and other connections required for a smooth learning experience.
5 tips for effective remote training:
1. Choose a skilled trainer that understands the models of adult learning; how to deal with visual learners; how to interact with people properly; and how to verify that students are learning the required skills.
2. Choose training software that enables training with an educational style, in a virtual training environment. Experiment with GoToWebinar software to see what works for your remote workers.
3. Take advantage of free bandwidth tools that enable students to check their bandwidth before joining a virtual classroom. Keep in mind that even the best training software is useless if remote workers don’t have the bandwidth for optimal training.
4. Equip students with a headset and mic to reduce distractions such as background noise, audio feedback, and things happening in the home. If you make it easier for students to pay attention, then they’re likely to consume more information and acquire new skills.
5. Promote learning through interactive classes. It's more difficult for students to learn on a tiny laptop screen than it is sitting in a regular classroom. Engaging students during remote training increases attention span and involvement.
What can we learn from the pandemic?
The CIO and CISO have been tested in unexpected ways as they juggle heightened security risks with untrained remote workers during these unprecedented times.
Things to consider going forward:
- Identify the most effective training methods.
- Identify employees that struggle to work remotely – return them to premise first.
- Compare security practices against a compliance framework.
- Contact a trusted advisor to conduct security assessments.
- Provide security awareness training to your end users.
Remote training offers special challenges, but it’s the best solution in a time of uncertainty.
If you’d like to learn more about Cadre’s solutions, please contact us. We’d love to help you find a solution that fits your needs and budget!