Now that much of the global workforce is remote, it’s imperative that all employees make cybersecurity a key skill.
Covid-19 has put a lot of industries in flux, particularly the cybersecurity industry. From accelerated digital transformation to the privacy issues around contact-tracing apps, information security in all corners of business needs to be examined.
However, there can often be an issue in terms of cybersecurity responsibility, leaving a serious security gap for many businesses. Earlier this year, a survey from Egress said many employees had misconceptions about data ownership, with only 37pc of respondents recognising that everyone has responsibility for keeping data safe.
This is more troubling during the Covid-19 crisis, when there has been a surge in cyberattacks and phishing scams and staff may be in unfamiliar working set-ups. But despite this increased security threat, 65pc of UK employees say they have had no extra training against cyberattacks, according to a new survey from cybersecurity firm CrowdStrike.
The research, which was done in cooperation with YouGov, added that 52pc of those surveyed were working off personal devices that are potentially less secure than business devices.
Education is crucial
Anurag Kahol, chief technical officer of cloud security company Bitglass, said that while phishing scams are nothing new, major news such as Covid-19 can increase the level of opportunistic attacks.
“General employee awareness of these schemes has grown in recent years. However, hackers still find success with this tactic by taking advantage of major news. Unfortunately, cybercriminals have a wealth of strategies and resources that they can utilise during this coronavirus pandemic in order to achieve higher rates of success with phishing schemes,” he said.
“For example, it’s conceivable that hackers may hijack a HR manager’s email account in order to send employees messages that appear to pertain to work-from-home policies and remote data access, but are actually asking for credentials or personal information. In this scenario, well-meaning employees can easily fall for this scheme and unknowingly become an insider threat.”
Without proper user training in relation to insider threats, companies leave themselves at risk, Kahol added. “Educating employees is crucial for all cybersecurity matters, but particularly so for insider threats. Cybercriminals are aware of this training gap and use it to their advantage.
“Consequently, organisations should regularly train employees on good password hygiene and how to detect and avoid phishing emails. How this education is done will look different across organisations depending on their business needs, how they operate and who has access to sensitive data.”
With many people now working remotely against the backdrop of a global pandemic, it has exposed a gap in employee training that will become vital for the future and may require a more in-depth onboarding process for new employees, as well as frequent upskilling for existing employees.