Cybersecurity Training for Remote Employees [+ Advice from a Training Company IT Director]

Press Release from HSI

It’s startling to comprehend that only 66% of businesses surveyed by OpenVPN require security training for their employees even though 73% of VPs and C-suite leaders believe remote workers pose a greater cybersecurity risk than onsite employees.

They also found in a previous survey that 25% of employees use the same password for everything.

And 26% of companies aren’t providing any cybersecurity awareness training to users who work remotely, according to recent research from KnowBe4, a cybersecurity provider.

Remote workers are more at risk for cyberattacks. In fact, working from home increases cyberattack frequency by 238%, states Alliance Virtual Offices.

More and more companies are shifting to remote and hybrid work arrangements, which presents a new set of benefits and challenges. Cybersecurity is critical when working remotely because organizations have less access to employees’ home networks and equipment and remote and hybrid employees don’t necessarily have direct or daily access to the IT department for support.

What Are the Risks?

Cybersecurity risks affect an organization’s reputation, financial stability, and legal standing.

As statistics show, the risks of cyberattacks are extremely high, especially when working remotely. The number of cyberattacks around the world is on a rapid rise. As each hour passes, technology continues to evolve and so do the tactics used to deceive and attack companies.

With the evolution of AI, almost anything is possible! Take the recent example where an AI bot interviewed with a cybersecurity company and received a job. The criminal intended to exploit the company’s payroll system. And yes, this is a real-life example. It highlights the sophistication of modern cybersecurity threats and why proper training programs for all employees are a no-brainer!

How Does a Cyberattack Happen?

A cyberattack on an organization typically begins with an attacker exploiting vulnerabilities in the organization's network or systems. This can involve phishing emails which trick employees into revealing sensitive information or installing malware. For instance, well-known threat groups (aka THIEVES!) recently caused global outages when they attacked CrowdStrike.

These attackers may claim they are assisting with resolving issues or implementing urgent updates. Once inside the company’s system, the attacker may escalate their access to gain control over critical systems or sensitive data. The final goal can vary from stealing sensitive information to disrupting operations, depending on the attacker’s motives.

8 Tips from a Training Company IT Director on How to Stay Vigilant Against Cyberattacks

Cybersecurity is not just a concern of the company’s IT department; every employee must stay proactive. It’s critical to always take the following steps to help safeguard the company’s systems and the employees’ personal information.

1. Never share passwords, install software, or grant  remote access  based only on unsolicited calls or emails.

2. Confirm   all unexpected calls or emails , especially those related to IT issues. Always confirm the legitimacy of requests by using other contact methods.

3. Be cautious of  any urgent requests.  Legitimate IT actions do not require immediate actions.

4. Double-check email sender addresses and hover over links before clicking . Even known contacts may be impersonated, with slight differences in the email address.

5. Look for the lock symbol on web pages.  The lock symbol confirms that the site is secure. It indicates that the connection is encrypted, and data transmitted between the employee and the site is protected.

6. Contact the organization’s IT department directly  using organization-approved channels when unsure about a request.

7. Do not approve  multi-factor authentication  (MFA) requests  if not initiated. If an employee receives unexpected or repeated MFA notifications, they should contact the company’s IT security team immediately and consider changing their password.

8. Always question  anything that seems unusual.  If uncertain, employees should always reach out and verify.

How to Improve Cybersecurity When Working Remotely

By 2025, 32.6 million Americans will work remotely, according to Upwork. This projection suggests a continuous shift toward remote work. In fact, 98% of workers express the desire not to work in an office.

Employees must play a more active role in maintaining cybersecurity.

  1. Be fully aware of company policies on cybersecurity  best practices .  This will ensure employees maintain a high level of cybersecurity awareness. For example, follow the policy on downloading apps on work devices.
  2. Keep work and personal devices separate . Even if an employee’s company-issued computer goes down, do not use a personal computer as it may not have adequate security software, along with regular checkups and oversight. This can be a serious security risk.
  3. Always use VPNs when accessing  company data  remotely.  Public Wi-Fi networks, such as coffee shops, are not secure. When an employee logs in to an unsecured network, the company data passed between their device and the server is vulnerable.
  4. Install system updates promptly.  Whenever an operating system, software, or application update becomes available, it is imperative to update the system with the latest security patches. Regular updates lessen malware and other cybersecurity risks. Watch HSI’s free malware training video.
  5. Only store data in the company-approved cloud storage.  Do not store company data on personal devices because if these devices are stolen or hacked, sensitive company data can be leaked, leading to a security breach.
  6. Use strong, passwords and a password manager.   Prevent hackers from cracking the code by using unique passwords that include a mix of letters, numbers, and special characters. Use different passwords for different accounts and change them regularly. A password manager helps keep employees' passwords safe. Watch HSI’s free training video on passwords.
  7. Use two-factor authentication (2FA) or multi-factor authentication.  This adds a layer of security by requiring two or more forms of verification before accessing an account.
  8. Be cautious with any unexpected requests or communications.  With the advancement of AI, phishing attacks related to outages are expected to increase, often posing as communications from someone from the IT team or affected services or vendors. For instance, if a vendor has a security breach, those threat actors often contact the vendor’s clients with all details of the services provided. These emails may request urgent actions, such as resetting passwords or updating software, and may include links or attachments. Learn more about email phishing by watching HSI’s free training video.
  9. Stay alert before you click!  Always be skeptical of requests for sensitive information.
  10. Turn off any smart speakers and smartphones with an “always listening” setting   while working.  Keep your sensitive information safe and confidential.
  11. Contact IT.  Without easy access to IT, don’t try to troubleshoot a network problem or ask a family member or friend for help. This could potentially create security risks and unauthorized access to confidential information.
  12. Report any potential cybersecurity or data breaches immediately, regardless of how minor.  Failure to report incidents promptly may increase the costs of a data breach and impact compliance and data breach disclosure laws.
  13. Take proper training courses regularly.  For example, to reduce the risk of phishing scams, learn how to spot suspicious emails. Be sure all employees understand all the cybersecurity jargon. Check out HSI’s free training video on defining cybersecurity.

HSI Can Help

According to a recent study by the CyberEdge Group, "the average cost of downtime caused by a ransomware attack is $5.1 million per organization. This includes the cost of lost productivity and revenue, IT labor, and post-attack expenses such as cybersecurity remediation, legal fees, and loss of customers.”

60% of small companies will go out of business within six months of a data breach or cyberattack, states Cybercrime Magazine.

73% of executives believe remote workers pose a greater security risk than onsite employees, according to OpenVPN. This concern stresses the need for robust security policies and proper employee cybersecurity training programs around safe digital practices in remote work environments.

All businesses must come to terms with the potential risks that come with a remote workforce. It is imperative to remain vigilant to prevent any incidents that could cause significant disruption. Sensitive information must be kept secure.

Proper cybersecurity training is of utmost importance as more employees continue to work outside of the traditional office environment. Training should be kept up to date to keep employees well informed of security awareness updates and alerts about the current cybersecurity threats that may come their way.

HSI has a wide range of both video and content-based employee training that can help organizations mitigate cyber risks in this new normal. Even taking basic training will put companies at less risk. Here are just a few:

  • Protecting Intellectual Property
  • Safely Sharing Information Online
  • Has My Device Been Compromised?
  • Building Your Security-First Mindset
  • Responding to a Cybersecurity Crisis
  • Secure Web Browsing on a Work Device
  • Introduction to Cybersecurity Regulations
  • Cybersecurity for Remote and Hybrid Workers
  • Cybersecurity: Protecting Your PC: Daily Precautions
  • From Prevention to Intervention: The Role of the Leader in Cybersecurity

For more information on the best way HSI can help, request a free trial.

Additional Resources

 

Companies Mentioned in this Press Release: