Security Awareness for Remote Working
Given the unprecedented current circumstances, businesses and individuals across the country are urged to work from home. At Direct Computers, we want to make sure that all of our customers working remotely feel confident, secure and well-equipped to do this.
As currently everyone is still getting to grips with working from home, it's important to know that there could be a range of issues that will come up to which some businesses may not of considered.
Firstly, internet hackers will use this as an opportunity to deliver world wide phishing attacks. Unfortunately, staff will not be present in a work environment where they have a dedicated IT team monitoring emails and network traffic, from home the emphasis is on the personal user.
Secondly, there will be a huge risk that businesses face from CEO Fraud attack. It's important to ensure staff have CEO fraud training, if not already. Due to the nature that CEOs and their finance staff work separately, businesses should enforce policies in place, such as payments only being made if there is verbal approval from the CEO or Finance Director.
Finally, staff awareness is so important when relying on remote work. For example, are staff aware of simple things like securing their internet router by changing the default password? In most cases probably not. However, simple things like this can make a huge difference when securing your network, which is why it's crucial that all businesses put a security awareness training system in place.
We at Direct Computers suggest using KnowBe4, which according to Gartner is used by over 30,000 businesses worldwide. KnowBe4 comes with a number of useful features. It has over 1100 training items, over 4300 phishing templates, so businesses can run effective phishing tests to understand what mistakes users are likely to make. It also allows you to run training campaigns to help users understand how to secure their home network as well and also reminding them of obvious things such as clicking on links in a suspicious email.
One of the great features of KnowBe4 is the "Second Chance" function which is a way of reminding users to think twice before clicking on links. We would also suggest deploying the "Phish Alert" button which gives users the option of sending any suspected phishing emails to someone that is better positioned to determine whether an email is a phishing attack or not. For example, this could go to the dedicated IT team for review.
Both Phish Alert and Second Chance are included and are deployed at domain level meaning users will have functionality as soon as it's deployed. KnowBe4 also have your back in regards to training on how to use these tools. Overall, KnowBe4 has the functionality and content that covers all bases you need.