Cyber security training

 


Holding Off on Security Awareness Training for Remote Workers is a Recipe for Disaster


Among the many IT practices and procedures that may have fallen by the wayside in the chaotic transition to remote work in 2020, neglecting security awareness training has proved to be one of the biggest problems. In this dangerous threat landscape, remote workers present a variety of complex security challenges to IT teams, and untrained workers are a risk that endangers every defensive measure that those teams put in place. Companies that are looking at long-term or even permanent remote work support must make smart investments in security awareness training to mitigate the risk of trouble from unprepared remote workers.

 

 

Security Awareness Training Fails Aren’t Just a Pandemic Problem


Companies weren’t doing enough security awareness training before the pandemic and that’s only gotten worse.  In 2020, a survey of IT professionals showed that while over 95% of them said that their companies had security awareness training programs, only 30% of them said that employees had actually completed any training.  That number has barely budged, even with the magnitude of cybersecurity risk becoming more apparent to business leaders in the wake of major incidents like Colonial Pipeline.   In their 2021 Data Security Report, GetApp reported that 31% of the companies they analyzed do not undertake security awareness training for employees even once per year.

Even when companies do run regular security awareness training, they’re not focusing on cyberattacks and cybercrime threats.  Entrust’s “Securing the New Hybrid Workplace” report takes a deep dive into how businesses approach security awareness training and it’s not promising when considering risks like phishing and ransomware.  Only 52% of the employees and business leaders surveyed said that their organizations do anti-phishing training.  Those percentages drop sharply when looking at specific threats. A paltry 31% of employees and 36% of business leaders said that their organizations offer ransomware-focused security training, and just 26% of surveyed companies provided social engineering training for employees.  Considering the risk, it’s stunning that 55% of companies don’t provide even basic email security training.

 

 

Companies Train Around Policies Instead of Threats


By comparison, the companies that are running security awareness training programs are focusing on other security topics like information handling and general security education.  Common non-cybercrime-related training topics include modules that encourage compliance with industry regulations and company policies around security.  These modules included best practices for securing company information (74% of both employees and leaders), digital security compliance (63% of employees, 70% of leaders), and overviews of the security tools used by the organization (51% of employees, 59% of leaders).  While that type of security awareness training content is important and can teach employees some basic cybersecurity skills and best practices, it’s not enough to empower employees to act as a last line of defense against cyberattacks.

Those shortfalls are especially dangerous for companies that are supporting a remote or hybrid workforce.  The most common way for a company to have a security incident is through the actions of an employee, whether they mean to act maliciously or not.  Over 40% of workers in a remote workforce security survey reported that they had made mistakes resulting in cybersecurity repercussions for themselves or their company while working remotely.  More than 55% of workers admitted that they were frequently off-balance when working from home, leading to security blunders that could unleash expensive nightmares for their employers.

 

 

Why Does it Matter?


Untrained workers are a security risk that can have devastating consequences, but security awareness training around cybercrime risk can help companies reduce their chance of a damaging cybersecurity incident by up to 70% and increase the probability that an employee will have the skills that they need to prevent a security disaster.

 

Phishing Nightmares

One of the biggest threats that security awareness training helps mitigate is a company’s phishing risk, and when it comes to remote workers, that’s a really big deal. More than 55% of remote workers rely on email as their primary form of communication with their coworkers, making remote workers prime targets for phishing. An astonishing 97% of employees are unable to spot a sophisticated phishing message, increasing data security danger. They’re likely to fall for phishing tricks too. CyberNews reports that 1 in 3 employees are likely to click the links in phishing emails, and 1 in 8 employees are likely to share information requested in a phishing email. In a phishing simulation, users in North America struggled the most, posting a 25.5% click rate and an 18% overall credential submission rate. This means that a little over 7 out of every 10 clickers willingly compromised their login data. Users in Europe exhibited lower click and submission rates of 17% and 11%, respectively.

 

Data Breach Woes 

In this year’s IBM Cost of a Data Breach Report, researchers determined that the average cost of a breach in 2021 is estimated at $4.2 million per incident, the highest ever recorded in the 17 years of the study. Their researchers also found that companies with a remote workforce faced added complexity and costs when it came to data breach response. Organizations that operate with 50% remote workers took an average of 316 days to identify and contain a data breach compared to the overall average of 287 days. Companies supporting a remote or hybrid workforce paid up to $1 million more when a data breach occurred, with the highest rates of $4.96 million in comparison to $3.89 million.

 

 

Remote Work is Here to Stay


Between ongoing pandemic pressures, a changing workforce, and advances in technology, businesses have had no choice but to adapt to the new era of remote work.  Upwork estimates that 36.2 million workers or 22% of Americans will be permanently working remotely by the year 2025, an 87% increase from pre-pandemic levels.  For knowledge economy workers, that number increases dramatically to 51%. Companies that fail to take security awareness seriously when supporting a remote workforce will likely face devastating consequences.

Improved security awareness training programs help reduce the risk.

 
