As businesses transition to remote work and many employees adjust to working from home, organizations need to stay focused on people-centric security. People-centric security places the employee in the center of security measures and is designed to reduce the risk of human error. As bad actors transition away from malware-based attacks to more targeted, social engineering-based attacks that reach insiders directly, it is increasingly critical that organizations understand and address the risk of human error on the job.
When designing and building an effective security awareness and training program, the people element is inherently the focus. A shift to remote working demands security awareness and training programs quickly pinpoint an active people-centric strategy to address the needs of changing environments and user populations with different objectives, triggers and learning styles.
The deviation to remote working means organizations are opening up or extending their traditional corporate boundaries to home networks. To threat actors, this means their attack surface area has been significantly increased, and it is now easier to influence insiders to make mistakes. To help combat this broader risk, organizations should remind employees that they are not in a secure shell where all the necessary protections are in place for them.
Education and training on security controls, such as the use of virtual private networks (VPNs), encrypting emails and the use of personal devices, can be a starting point to counteract the newly introduced factors of a remote work environment. This education can be achieved through a security awareness and training program that is flexible yet comprehensive to continuously test that ..
Support the originator by clicking the read the rest link below.
