It’s startling to comprehend that only 66% of businesses surveyed by OpenVPN require security training for their employees even though 73% of VPs and C-suite leaders believe remote workers pose a greater cybersecurity risk than onsite employees.
They also found in a previous survey that 25% of employees use the same password for everything.
And 26% of companies aren’t providing any cybersecurity awareness training to users who work remotely, according to recent research from KnowBe4, a cybersecurity provider.
Remote workers are more at risk for cyberattacks. In fact, working from home increases cyberattack frequency by 238%, states Alliance Virtual Offices.
More and more companies are shifting to remote and hybrid work arrangements, which present a new set of benefits and challenges. Cybersecurity is critical when working remotely for two reasons: organizations have less access to employees’ home networks and equipment, and remote and hybrid employees don’t necessarily have direct or daily access to the IT department for support.
What Are the Risks?
Cybersecurity risks affect an organization’s reputation, financial stability, and legal standing.
As statistics show, the risks of cyberattacks are extremely high, especially when working remotely. The number of cyberattacks around the world is on a rapid rise. As each hour passes, technology continues to evolve and so do the tactics used to deceive and attack companies.
With the evolution of AI, almost anything is possible! Take the recent example where an AI bot interviewed with a cybersecurity company and received a job. The criminal intended to exploit the company’s payroll system. And yes, this is a real-life example. It highlights the sophistication of modern cybersecurity threats and why proper training programs for all employees are a no-brainer!
How Does a Cyberattack Happen?
A cyberattack on an organization typically begins with an attacker exploiting vulnerabilities in the organization's network or systems. This can involve phishing emails which trick employees into revealing sensitive information or installing malware. For instance, well-known threat groups (aka THIEVES!) recently caused global outages when they attacked CrowdStrike.
These attackers may claim they are assisting with resolving issues or implementing urgent updates. Once inside the company’s system, the attacker may escalate their access to gain control over critical systems or sensitive data. The final goal can vary from stealing sensitive information to disrupting operations, depending on the attacker’s motives.
8 Tips from a Training Company IT Director on How to Stay Vigilant Against Cyberattacks
Cybersecurity is not just a concern of the company’s IT department; every employee must stay proactive. It’s critical to always take the following steps to help safeguard the company’s systems and the employees’ personal information.
1. Never share passwords, install software, or grant remote access based only on unsolicited calls or emails.
2. Confirm all unexpected calls or emails, especially those related to IT issues. Always confirm the legitimacy of requests by using other contact methods.
3. Be cautious of any urgent requests. Legitimate IT requests do not require immediate action.
4. Double-check email sender addresses and hover over links before clicking. Even known contacts may be impersonated, with slight differences in the email address.
5. Look for the lock symbol on web pages. The lock symbol confirms that the connection to the site is secure: it indicates that the connection is encrypted, and data transmitted between the employee and the site is protected.
6. Contact the organization’s IT department directly using organization-approved channels when unsure about a request.
7. Do not approve multi-factor authentication (MFA) requests that the employee did not initiate. If an employee receives unexpected or repeated MFA notifications, they should contact the company’s IT security team immediately and consider changing their password.
8. Always question anything that seems unusual. If uncertain, employees should always reach out and verify.
How to Improve Cybersecurity When Working Remotely
By 2025, 32.6 million Americans will work remotely, according to Upwork. This projection suggests a continuous shift toward remote work. In fact, 98% of workers express the desire not to work in an office.
Employees must play a more active role in maintaining cybersecurity.
HSI Can Help
According to a recent study by the CyberEdge Group, “the average cost of downtime caused by a ransomware attack is $5.1 million per organization. This includes the cost of lost productivity and revenue, IT labor, and post-attack expenses such as cybersecurity remediation, legal fees, and loss of customers.”
60% of small companies will go out of business within six months of a data breach or cyberattack, states Cybercrime Magazine.
73% of executives believe remote workers pose a greater security risk than onsite employees, according to OpenVPN. This concern stresses the need for robust security policies and proper employee cybersecurity training programs around safe digital practices in remote work environments.
All businesses must come to terms with the potential risks that come with a remote workforce. It is imperative to remain vigilant to prevent any incidents that could cause significant disruption. Sensitive information must be kept secure.
Proper cybersecurity training is of utmost importance as more employees continue to work outside of the traditional office environment. Training should be kept up to date to keep employees well informed of security awareness updates and alerts about the current cybersecurity threats that may come their way.
HSI has a wide range of both video and content-based employee training that can help organizations mitigate cyber risks in this new normal. Even taking basic training will put companies at less risk. Here are just a few:
For more information on the best way HSI can help, request a free trial.