Don't open suspicious emails when working from home, just don't

[aum]

Security awareness training doesn't seem to be working

 

Much more needs to be done if businesses are to improve their cyberdefences in the age of remote working, new research has found. Worryingly, it seems that whatever awareness training is being offered by businesses is not having the desired effect.

 

The study from cloud cybersecurity firm Mimecast asked 1,000 respondents about their use of work devices at home, finding 73% used company devices for personal matters, with two-thirds revealing that this had increased since they began working remotely. Individuals admitted that checking personal emails, conducting financial transactions and shopping online were among the most common activities.

 

Most businesses are unlikely to be fazed by employees using their company smartphones to conduct a bit of personal browsing from time to time as long as security protocols are followed. Unfortunately, Mimecast found that 45% of those surveyed had opened emails that they considered to be suspicious. The same percentage also did not report these emails to IT security personnel.

 

Blurring the lines

“This research puts a spotlight on the fact that while there’s a good amount of awareness training being offered, the type of training or the frequency is completely ineffective,” said Michael Madon, senior vice president of awareness training and threat intelligence at Mimecast. 

 

“With everyone’s home becoming their new office, classroom and place of residence, it’s not really a surprise that employees are using their company-issued devices for personal use. However, better training is crucial to avoid putting the company at risk. Employees need to be engaged, and trainings need to be short, visual, relevant and include humor to make the message resonate.”

 

The coronavirus pandemic has forced businesses to rapidly adopt remote working practices, naturally blurring the lines between personal and work behaviour online. 

 

Although many organizations are offering cyberthreat awareness training – 64% of respondents claimed to have received special cybersecurity awareness training related to working from home during the pandemic – it is vital that such training does not become just another box-ticking exercise.

 

Source

 

[funkyy]

Yes...when in doubt throw it out!! (delete it).

Better safe than sorry.

[mp68terr]

Quote

“This research puts a spotlight on the fact that while there’s a good amount of awareness training being offered, the type of training or the frequency is completely ineffective,” said Michael Madon, senior vice president of awareness training and threat intelligence at Mimecast.

In other words: we failed!