At a time when cyber risk is at its highest levels, new data shows how little organizations have done to ensure employees are prepared for cyber attack while working from home.
It’s somewhat understandable; when COVID-19 struck, organizations were scrambling to get themselves operational and weren’t focused on ensuring the same levels of corporate governance and cybersecurity. But, it’s still surprising to find out that little emphasis was put on educating users on the need to be vigilant.
According to security vendor Morphisec’s 2020 WFH Employee Cybersecurity Threat Index report, the majority of users (75%) are ready and willing to follow whatever security guidance is offered by IT, but half or less of employees are provided it:
- 56% of users were told to be wary of suspicious emails, attachments, or pop-ups
- 48% were told to make sure AV is running
- 46% were told to update software
- 20% weren’t told a single thing
So, at best, we have a little more than half of users being ever-so-slightly educated on cyberattacks, leaving the other 44% to fend for themselves and rely on their endpoint AV (which 52% weren’t told to check to make sure it’s running!).
This data jibes with similar reports detailing the complete lack of security awareness education for remote workers. At a time when users present one of the greatest risks to an organization, now is the time to invest in security awareness training that makes your logical perimeter (the user at their home, on their insecure WiFi, using their personal device) more secure.