Reduce the Risk of Remote Worker Error Based Cyberattacks

Our themed months continue on the Renaissance blog and other media channels. This month, we focus on remote working and how it can be made more secure, productive, and better for everyone involved.

Hybrid Working - The New Normal

With the sudden shift to mass home working early in 2020, there was scrambling to get IT systems in place to handle the sudden change. IT teams made decisions to get people connected, sometimes without a complete cybersecurity analysis and input. Many IT teams worked around the clock to get systems online and believed that they could revisit them when the panic was over and ensure that security was robust. And many did, but we all know that the workloads on IT teams are always heavy, and there are likely many parts of the current remote working infrastructure that are not as secure as they could be. This presents some tempting targets for cybercriminals. Indeed, as early as June 2020, VMware reported via their Global Threat Report that 91% of Enterprises they surveyed had seen an increase in cyberattacks due to remote working.

The last 15 months of enforced remote working provide all organisations with a generational opportunity to revamp their working practices. Many industry analysts, think-tanks, and governments (Ireland and the UK have guidance or task forces in place) think that hybrid working between offices, homes, and regional shared office spaces will be the future of work. A new normality will emerge over the next few years as pandemic restrictions end.

Cybersecurity for the New World of Work

One thing that will need to be front and centre in whatever emerges as the new working paradigm will be cybersecurity. The ongoing arms race between cybercriminals and security professionals will be with us forever. It'll just have a shifting front line. Cybersecurity has many components, but two overarching ones are technical security solutions and people-focused activities. Renaissance and our partners have solutions for all the technical aspects of cybersecurity. Contact us at any time to discuss your needs.

For the people aspect of cybersecurity, there needs to be awareness training for everyone. Getting the balance right between delivering this training in a way that's useful while at the same time not overloading anyone and switching them off to security is tricky. It is an area where usecure are experts and in which they have developed cloud-based, automated awareness training for cybersecurity and related areas. According to their knowledge gaps, training is adjusted for each staff member, is automated via pre-set timescales, easily consumed in 5 to 10-minute chunks, and scored so managers can track progress.

Renaissance and usecure are running a webinar on the 26th of May titled "Transform your MSP Sales & Marketing with the Human Risk Report". This will cover how organisations can use the usecure Human Risk Report solutions to improve the cybersecurity awareness of their staff. Sign up for the webinar here, and read on for a high-level summary of usecure cyber-awareness solutions.

usecure Automated Cyber Awareness Training

The usecure cyber awareness training has several modules, with uLearn at its core. This is an online cyber-awareness training solution that is simple to deploy (it's a Cloud-based app), easy to configure for each organisation's needs, automatically tailored to each individual's skill level, and scored so that managers can ensure that everyone is up to speed. This latter feature also helps to demonstrate to C-level executives and external auditors that cybersecurity awareness training and procedures are in place.

uLearn sends individually tailored cybersecurity awareness training to all staff members. Each training session is only 5 to 10 minutes in length and has a multiple-choice quiz to track understanding. So that people do not get overloaded with training about topics they are familiar with the first step in the process is to get everyone to complete a cybersecurity awareness questionnaire on 12 subjects. These are then scored on a chart such as the one below.

Each training schedule is adjusted to preferentially send individuals lessons in the areas they score poorly on. In the example above, that would be Phishing first, then Security at Home, and Public Wifi, then the other topics further down the line.

The frequency for when the training is sent out is fully customisable by day, and for how many weeks between each session. This ensures that people are not continuously bombarded with reminders to do training. A sure-fire way to annoy people and deter them from raising their awareness.

Once a schedule is defined, the usecure cyber awareness platform handles all the details of generating the training, sending emails to staff to let them know, and tracking responses and quiz scores. There is no time-consuming hands-on management required.

 Other Training Options

In addition to the cybersecurity training modules available in usecure, there are also compliance training courses covering areas such as PCI and GDPR. These build staff awareness of the requirements for these regulations.

The platform is also a customisable Learning Management System (LMS). Organisations can create their own unique training for the areas that matter to them. They can then deliver these courses to staff with the built-in cybersecurity-focused and compliance courses from usecure.

Conclusion

Continuous and user-friendly cybersecurity training is a vital part of any security strategy. The usecure platform makes it easy to deliver tailored training without many of the annoyances usually found with training systems. Join Renaissance and usecure on the 26th of May to find out more.