Categories

Editor's Choice
Tech Jobs Network
News & Events
Access Control & Identity Management
AI & Data Analytics
Asset Management
Associations
Conferences & Events
Facilities & Building Management
Fire & Safety
Information Security
Infrastructure
Integrated Solutions
IoT & Automation
Perimeter Security, Alarms & Intruder Detection
Power Management
Products & Solutions
Security Services & Risk Management
Smart Home Automation 
Surveillance
Training & Education
Videos
Security by Industry Sector ▾








Print this page printer friendly version

Educating remote workers on cybersecurity

Issue 2 2021 Information Security

By J2 CEO, John Mc Loughlin.

Cybercriminals have shifted their focus to vulnerable employees who now work from home and use personal Internet connections. Business leaders need to educate remote workers on cybersecurity and better computer safety practices or risk having their data compromised.


John Mc Loughlin.

In a recent study by Microsoft, more than 25% of remote workers had personally experienced a cyberattack. This is largely as a result of employers being forced to quickly implement a remote work strategy and still not having the necessary security, privacy and workplace procedures in place to secure this new environment more than a year after hard lockdowns and work from home orders started around the world.

While most businesses can invest in more robust data protection and security measures, it's their remote workers who can cause a potential disaster as a result of poor, inconsistent security policies and a lack of knowledge on what to look out for and how to behave in this online and hyper-connected world. The lack of effective processes or procedures could compromise critical data and cause disruption with serious consequences.

With digital adoption accelerating, cybersecurity has become a key area of focus because many businesses have already suffered attacks infiltrating their networks or systems over the past year. This is largely due to the rapid shift between on-premises and remote working.

It has required businesses to quickly ramp up their digital transformation efforts by adopting cloud computing and many have unfortunately not realised that the security controls they deploy in the office environment are not exactly the same as what is required in the new world of remote working.

Although some still view remote set-ups as temporary, most employees will most likely be allowed to work remotely in future. It is therefore important for businesses to make sure employees have the technology they need to be productive and know what it is that they need to do to remain secure.

Prioritising cybersecurity

Cyber criminals have become increasingly sophisticated over the past few years and businesses must remain cognisant of evolving threats if they want to protect their information assets. They need to design security controls that are not only effective against threats of today, but also provide the ability to adapt and provide protection against the unknown threats of tomorrow.

Having the best firewall in place at the office doesn't provide protection against threats aimed at people working remotely. It is about more than just a mobile phone and laptop, it extends to reliable Internet access, secure access and processes to attend virtual meetings and access data.

More importantly, implementing a user-centric cyber resilience program that covers insider threats and ongoing user cybersecurity awareness training is crucial.

Sometimes prioritising cybersecurity can be difficult if business executives consider it an unnecessary expense. Unfortunately, they often don't always realise the extent of the losses that will come from a security breach. All it takes is one successful simple phishing scam to be the first step in a total breach and end up in data loss, ransomware or other extortion attempts.

Most companies, big or small, cannot afford extended downtime from a cyberattack, especially while trying to determine what sensitive data was stolen and which regulatory body, customer or supplier will need to be notified of the breach. Smaller businesses are even at bigger risk because the effects of a cyberattack could be more devastating for them and a data breach could mean the end for most start-ups.

Educating employees

Businesses just cannot afford to neglect user-based activity monitoring and cybersecurity awareness training, it could be catastrophic. Education is key to ensuring that businesses are protected from cyberattacks. To be effective, the training must be consistent, engaging and provide real examples of what to look out for to make any difference. Engaging training and an easy-to-use platform will get staff talking about cybersecurity issues and discussion provides greater understanding.

Business needs to hold everyone to the same standard for adopting cybersecurity protocols. Nobody should get a ‘free pass’ when it comes to cybersecurity awareness training because of their designation. Executives are ultimately responsible for the secure use of company assets and must ensure that nobody is allowed to break security protocols.

Cybersecurity practices are sometimes seen as a burden and this could entice remote workers to find workarounds because they believe it might increase productivity. Open communication and practical security controls, with increased visibility, will drive good cybersecurity practices into the DNA of one's remote workforce.

Ensuring total visibility will prevent mistakes, allow one to respond immediately to threats and ensure patches, training and other items are properly managed. Visibility allows one to control compliance and cybersecurity issues and will give a view on anybody who may install unverified apps on their work devices, be it sending sensitive or confidential work documents to personal email addresses or even sharing passwords.

Work devices have now also become personal devices, remote workers also often let family members use their work computer for non-work-related activities. Allowing family members to use a work device could expose the entire corporate network to significant risk and every business needs to assess their policies and measure their risk exposure when personal activity is conducted on work devices.

In certain instances, this might not be allowed at all and clearly explaining this to the users is critical. However, until one has visibility, there is no way of knowing what is really happening at the end-point, it will just be a guess. Guesswork is not a recommended method to ensure data security.

Employers should make sure that they have visibility of what is really taking place with their data and on their systems to reduce their risk exposure. This is bolstered by educating their remote workers on what to look out for and how to identify potential breaches.

While it’s near impossible to stay entirely secure, there are basic rules that remote workers can follow to reduce the risks in this new working environment and total visibility and monitoring gives you the capacity to respond to changes before damage is done.




Share this article:
Share via emailShare via LinkedInPrint this page


Further reading:

Want effective Attack Surface Management? Think like an attacker.
Information Security
Effective ASM requires companies to think like attackers, anticipate risks, and act decisively to reduce exposure by knowing their environment, deploying a structured approach, leveraging capable tools, and addressing both internal and external risks.

Read more...
The growing role of hybrid backup
Infrastructure Information Security
As Africa’s digital economy rapidly grows, businesses across the continent are facing the challenge of securing data in an environment characterised by evolving cyberthreats, unreliable connectivity and diverse regulatory frameworks.

Read more...
POPIA non-compliance puts municipalities at risk
Information Security Government and Parastatal (Industry)
Digital responsibility must go beyond POPIA compliance to recognising that privacy and service delivery are fundamentally linked. Despite this, only 51 out of 257 municipalities submitted their mandatory data protection and access to information reports in 2024.

Read more...
Choicejacking bypasses smartphone charging security
News & Events Information Security
Choicejacking is a new cyberthreat that bypasses smartphone charging security defences to confirm, without the victim’s input or consent, that the victim wishes to connect in data-transfer mode.

Read more...
Most wanted malware
News & Events Information Security
Check Point Software Technologies unveiled its Global Threat Index for June 2025, highlighting a surge in new and evolving threats. Eight African countries are among the most targeted as malware leaders AsyncRAT and FakeUpdates expand.

Read more...
Welcome to the new cyber battleground
Information Security
The Iran-Israel conflict is rapidly redefining modern warfare, pushing the boundaries of cyber capabilities and creating a new, borderless digital battlefield. Fortinet’s CISO, Dr Carl Windsor, offers a critical, in-depth analysis of the escalating tactics and global implications in his latest report.

Read more...
African industries may overestimate cyber defences
Information Security
] A significant perception gap exists in security awareness training: 68% of leaders believe training is tailored to roles, yet only a third of employees feel adequately trained. Many organisations only conduct annual or biannual generic training that may not effectively change behaviour.

Read more...
SMARTpod talks to Sophos and Phishield
SMART Security Solutions Technews Publishing Sophos Videos Information Security News & Events
SMARTpod recently spoke with Pieter Nel, Sales Director for SADC at Sophos, and Sarel Lamprecht, MD at Phishield, about ransomware and their new cyber insurance partnership.

Read more...
Cybersecurity and insurance partnership for sub-Saharan Africa
Sophos News & Events Information Security Security Services & Risk Management
Sophos and Phishield Announce first-of-its-kind cybersecurity and insurance partnership for sub-Saharan Africa. The SMARTpod podcast, discussing the deal and the state of ransomware in South Africa and globally, is now also available.

Read more...
Highest increase in global cyberattacks in two years
Information Security News & Events
Check Point Global Research released new data on Q2 2024 cyber-attack trends, noting a 30% global increase in Q2 2024, with Africa experiencing the highest average weekly per organisation.

Read more...











SMART Security Business Directory


While every effort has been made to ensure the accuracy of the information contained herein, the publisher and its agents cannot be held responsible for any errors contained, or any loss incurred as a result. Articles published do not necessarily reflect the views of the publishers. The editor reserves the right to alter or cut copy. Articles submitted are deemed to have been cleared for publication. Advertisements and company contact details are published as provided by the advertiser. Technews Publishing (Pty) Ltd cannot be held responsible for the accuracy or veracity of supplied material.

Published by Technews

»  Dataweek Electronics & Communications Technology
»  Electronics Buyers' Guide (EBG)

»  SMART Security Solutions
»  SMART Security Business Directory

»  Motion Control in Southern Africa
»  Motion Control Buyers' Guide (MCBG)

»  South African Instrumentation & Control
»  South African Instrumentation & Control Buyers' Guide (IBG)



© Technews Publishing (Pty) Ltd. | All Rights Reserved.