Elly Yates-Roberts
As the months pass and the Covid-19 pandemic continues, many organisations are rethinking their workplaces. A hybrid model where employees return to the office for part of the week is emerging. Now is the time for employers to strengthen their cyber-preparedness during the shift to a hybrid workforce.
Ongoing security preparedness is critical. Nearly 80 per cent of firms had their business disrupted, incurred a financial loss or suffered some other setback in 2020 due to their lack of cyber preparedness, according to Mimecast’s State of Email Security 2021 (SOES) report.
Email has been a particularly fraught medium for businesses of all sizes during the past year: 81 per cent of SOES respondents said the volume of email expanded during the last year, with a 64 per cent increase in email threats. Even more shockingly, Mimecast Threat Center reports that employees are clicking on three times as many malicious emails as they did before the onset of the pandemic. These phishing attempts have caused 63 per cent of SOES respondents to face a surge in targeted emails that attempt to lure employees into clicking on a malicious link or attachment.
Employees need engaging and consistent cybersecurity awareness training to reduce the number of clicks on malicious emails, and to prevent phishing attacks that can lead to ransomware. Here are some steps to take, which become even more relevant as the hybrid workforce becomes a reality.
First, treat employees as allies. Employees who understand what’s at stake and why security measures are in place will be more invested in doing their part to protect the business. In doing so, employees are also protecting themselves, especially as the hybrid workplace extends into their own home networks and devices.
Secondly, provide examples. Examples are powerful; they can illustrate how common cyberattacks, such as email phishing scams, can impact the organisation and individual employees.
Next, make it easy to do what’s right. Keep training short, engaging and relatable. Provide information in a digestible and accessible format that is meaningful to their work, and make IT resources easily available.
Finally, recognise employees’ level of technology expertise. It’s likely there will be a wide range of technical expertise among employees at your organisation. Give employees the opportunity to test out specific training, while recognising and accommodating those who need more support than general training is designed to provide.
Mandy McKenzie is the senior director of product management for awareness training at Mimecast
Read the full SOES report: www.mimecast.com/state-of-email-security
This article was originally published in the Autumn 2021 issue of Technology Record.