Holding Off on Security Awareness Training for Remote Workers is a Recipe for Disaster
Among the many IT practices and procedures that may have fallen by the wayside in the chaotic transition to remote work in 2020, neglecting security awareness training has proved to be one of the biggest problems. In this dangerous threat landscape, remote workers present a variety of complex challenges to IT teams when it comes to security, and untrained workers are a risk that endangers every defensive measure that those teams put in place. Companies that are looking at long-term or even permanent remote work support must make smart investments in security awareness training to mitigate the risk of trouble from unprepared remote workers.
Security Awareness Training Fails Aren’t Just a Pandemic Problem
Companies weren’t doing enough security awareness training before the pandemic and that’s only gotten worse. In 2020, a survey of IT professionals showed that while over 95% of them said that their companies had security awareness training programs, only 30% of them said that employees had actually completed any training. That number has barely budged, even with the magnitude of cybersecurity risk becoming more apparent to business leaders in the wake of major incidents like Colonial Pipeline. In their 2021 Data Security Report, GetApp reported that 31% of the companies they analyzed do not undertake security awareness training for employees even once per year.
Even when companies do run regular security awareness training, they’re not focusing on cyberattacks and cybercrime threats. Entrust’s “Securing the New Hybrid Workplace” report takes a deep dive into how businesses approach security awareness training and it’s not promising when considering risks like phishing and ransomware. Only 52% of the employees and business leaders surveyed said that their organizations do anti-phishing training. Those percentages drop sharply when looking at specific threats. A paltry 31% of employees and 36% of business leaders said that their organizations offer ransomware-focused security training, and just 26% of surveyed companies provided social engineering training for employees. Considering the risk, it’s stunning that 55% of companies don’t provide even basic email security training.
Companies Train Around Policies Instead of Threats
By comparison, the companies that are running security awareness training programs are focusing on other security topics like information handling and general security education. Common non-cybercrime-related training topics include modules that encourage compliance with industry regulations and company policies around security. These modules included best practices for securing company information (74% of both employees and leaders), digital security compliance (63% of employees, 70% of leaders) and overviews of the security tools used by the organization (51% of employees, 59% of leaders). While that type of security awareness training content is important and can teach employees some basic cybersecurity skills and best practices, it’s not enough to empower employees to act as a last line of defense against cyberattacks.
Those shortfalls are especially dangerous for companies that are supporting a remote or hybrid workforce. The most common way for a company to have a security incident is through the actions of an employee, whether they mean to act maliciously or not. Over 40% of workers in a remote workforce security survey reported that they had made mistakes resulting in cybersecurity repercussions for themselves or their company while working remotely. More than 55% of workers admitted that they were frequently off-balance when working from home, leading to security blunders that could unleash expensive nightmares for their employers.
Why Does it Matter?
Untrained workers are a security risk that can have devastating consequences, but security awareness training around cybercrime risk can help companies reduce their chance of a damaging cybersecurity incident by up to 70% and increase the probability that an employee will have the skills that they need to prevent a security disaster.
One of the biggest threats that security awareness helps mitigate is a company’s phishing risk, and when it comes to remote workers, that’s a really big deal. More than 55% of remote workers rely on email as their primary form of communication with their coworkers, making a company’s remote workers prime targets for phishing. Unfortunately, that phishing has an excellent chance of being successful, especially if the bad guys use methods like brand impersonation. An astonishing 97% of employees are unable to spot a sophisticated phishing message, increasing data security danger. Even in the office, employees are still very likely to be fooled by phishing messages. CyberNews reports that 1 in 3 employees are likely to click the links in phishing emails, and 1 in 8 employees are likely to share information requested in a phishing email. In a phishing simulation, users in North America struggled the most, posting a 25.5% click rate and an 18% overall credential submission rate. This means that a little over 7 out of every 10 clickers willingly compromised their login data. Users in Europe exhibited lower click and submission rates of 17% and 11%, respectively.
Data Breach Woes
In this year’s IBM Cost of a Data Breach Report, researchers determined that the average cost of a breach in 2021 is estimated at $4.2 million per incident, the highest ever recorded in the 17 years of the study. Their researchers also found that companies with a remote workforce faced added complexity and costs when it came to data breach response. Organizations that operate with 50% remote workers took an average of 316 days to identify and contain a data breach compared to the overall average of 287 days. Companies supporting a remote or hybrid workforce saw costs up to $1 million higher when a data breach occurred, with the highest rates of $4.96 million in comparison to $3.89 million.
Remote Work is Here to Stay
Between ongoing pandemic pressures, a changing workforce and advances in technology, businesses have had no choice but to adapt to the new era of remote work. Upwork estimates that 36.2 million workers or 22% of Americans will be permanently working remotely by the year 2025, an 87% increase from pre-pandemic levels. For knowledge economy workers, that number increases dramatically to 51%. Companies that fail to take security awareness seriously when supporting a remote workforce will likely face devastating consequences.
Improved security awareness training programs help reduce the risk. BullPhish ID from ID Agent makes it easy for organizations of any size to run effective, affordable security awareness training no matter where their employees are at a price that any company can afford.
Now we’ve made BullPhish ID a dynamic stand-alone solution for security awareness training. BullPhish ID also boasts an array of fresh features and functions that make the training experience better for trainees and IT professionals that are tasked with running it. You’ll love:
New Training Content
- 15 new, up-to-date training videos on a variety of security and compliance topics including passwords, ransomware, HIPAA compliance and more have been recently added to the platform.
- 8 new phishing kits have also been added to keep up with the latest threats. The kits are customizable and can be modified by customers to suit their clients’ needs.
- More new training content around risks and compliance is added every month!
New How-To Videos (Coming Soon)
- Brief in-product video tutorials will provide helpful instructions for commonly used product features.
- Several new self-help videos will come out every quarter to help you take full advantage of the BullPhish ID features.
New Reporting Module
- Easily track and show progress with easy-to-read monthly and quarterly performance reports that can be accessed anytime.
- Choose automated reporting and have those performance reports created and delivered to designated recipients automatically.