We wrote a prior post about how remote work brings about changes that should shape your approach to security awareness training. At a high level, remote work changes:
In this post, we cover what topics should be covered when providing security awareness training to remote employees. As employees shift to remote, they need help to ensure they are secure and your networks are secure, regardless of where the actual work is performed.
Some of these topics are likely already a part of your security awareness training but others are not a part of most security awareness trainings.
Home network security
While there are likely controls in place to ensure remote access to company systems and data, home network security best practices like not broadcasting SSID and network encryption should be implemented.
When on public wifi networks, use caution and, if you can, limit going to websites where you need to provide credentials or sensitive information. A personal VPN is valuable when using public wifi.
Staying vigilant wherever you work
One of the challenges of remote work is not knowing all the employees of your company. Don’t assume a message from an unknown sender claiming to be a co-worker is legitimate. Verify with your manager or another member of your team.
Social engineering targeting remote work topics
Attackers are taking advantage of the shift to remote with attacks targeting topics that are top of mind for newly remote workers. This is a trend that will evolve as remote work evolves to capitalize on topics like hybrid work, in-person policies, and remote travel procedures.
Internet of Things (IoT)
Often, we don’t think of appliances like TVs and refrigerators as computers but that is what they are when they are “smart” or “connected”. These devices should be treated like any other computer or phone in terms of security.
Over communicating when suspicious
With remote, more communication is always better. Be proactive if you have any questions or your gut tells you something feels off. Getting ahead of security incidents reduces risk.