With communities beginning to open back up, companies are considering the decision to stay remote. And this comes with good reasons. The cost of leasing space might be prohibitive and downsizing to host only necessary business functions could help with expenses. During the pandemic, your organization may have seen an increase in productivity and employee happiness. While compromises and decisions are being made, organizational IT security training needs to be at the top of every conversation.
Office environments provide a certain level of security for data and resources. Desktop computers do not go home at the end of the day. Most rank-and-file employees will not have access to data from their homes. Moving from the cubicle to the home office requires that data be in use outside of the security of the office environment, increasing the risk of loss or compromise.
Where patient or confidential client data may go straight to the shredder in the office, at home it may go to the trash can in the kitchen. With the ability to work from anywhere, an employee may be using a more secure Ethernet connection at home on Monday, and on Tuesday the free Wi-fi at a busy coffee shop downtown. The increased risk of complacency needs to be met with increased security awareness, training, and management.
What Should We Do?
- Increase the frequency of security training – If your organization was on an annual or bi-annual rotation, consider quarterly trainings with supplemental emails or newsletters monthly
- Provide targeted training for the issues that increase organizational risk – data compromise, data destruction, device loss and security, and social engineering
- Define work from home security standards and expectations – where and how employees can access data and assets at work
- Utilize managed computers and cell phones that can be disabled if compromised
- Include social engineering testing in your next security assessment
How TCM Security Can Help
Our experts can assess your organization’s security training policy and provide valuable feedback on strengths and areas of improvement. TCM Security can provide targeted social engineering and phishing assessments to test your organization’s security posture and provide ways to remediate weaknesses and build upon strengths. For more information, contact us.