Work-from-home security is getting a lot more attention because millions of employees are now working remotely. Unless you provide direction, your employees may accidentally act in a less secure manner. After all, working from home requires new behaviors, habits and processes to maintain organizational security.
To make sure your work from home security training is sufficient, you need to understand the current state. Use the following self-assessment process to find gaps and needs in your workforce.
Self Assess Your Work From Home Security Situation
Use these steps to understand your current state for work-from-home security. By going through this process, you can develop highly relevant training.
1. Review Your Organization’s IT Security Training Materials
Go through your company’s current IT security training documents, courses and e-learning. Look for evidence that work-from-home security issues and examples are covered. If this issue has not been included in meaningful detail, your training approach will need to be comprehensive. If there is some coverage of the topic, you may be able to develop a more limited training program.
2. Review Recent Messaging To Staff On Security
In some cases, managers and executives may speak about security best practices. Survey a few leaders in the organization to see what has already been recently said. You might find out that there are some relevant points you can reinforce when you develop your training. For example, if the CEO referenced IT security as a priority on a call with investors, you can reference that point.
3. Assess Work From Home Security Technology
Review the hardware and software that employees have on hand. For example, employees might have specialized authenticated hardware devices to improve security. Alternatively, your staff may have access to company-issued smartphones. Access to such devices goes a long way toward enhancing work-from-home security. If staff is working remotely using personally owned equipment, you will face more significant challenges.
4. Discuss IT Security Threat Trends With Key Technology Stakeholders
From the previous steps, you will have a good understanding of the work-from-home security situation. However, you still need to consult with subject matter experts in your organization. Specifically, reach out to the IT help desk, IT security colleagues, and human resources. Ask them what kinds of questions, tickets and issues are coming up from employees. For example, take note of an increase in the number of employees asking for password resets.
5. Summarize the Key Work-From-Home Security Threats
Based on the above steps, you will have a sense of the critical gaps and issues in your remote work security program. At this stage, your objective is to identify one to three key concerns that can be addressed by security training. For example, your annual IT security training might have an optional module on work from home security. Also, your company-issued smartphones might have specialized security features that few people know about.
Once you have a few ideas, you can develop a focused security training program guaranteed to reduce your IT security risk.
Build A Quick Wins Work-From-Home Security Training Offering
You have a reasonable understanding of employee concerns, equipment and skills. To reduce your IT security risk quickly, focus on quick wins at first. Remember, your objective is not to train everybody in the organization to become IT security specialists. Instead, you are only seeking to address the most severe gaps.
To achieve quick wins in work from home security training, observe the one-hour rule. Build a training module that can be delivered in one hour focused on three to five tactics to improve security. This training material can be delivered in several formats, depending on what you have available. Ideally, use a video conference tool like Skype for business or Zoom to provide the training. If that is not available, use a conventional conference call.
Sample One-Hour Quick Wins Training Agenda
● Introduction. Explain why work-from-home security is a priority for the organization.
● Work-From-Home Security Story. Share a personal story about how you learned to improve practice from home security.
● Tip 1: VPN Security Best Practices. Explain the importance of using the VPN and its limitations. For more insight on this topic, check out our article: What You Need To Know About VPN Security.
● Tip 2: Mobile Device Security Tips. Describe how staff can use their mobile devices as a backup tool to authenticate themselves
● Tip 3: Paper Document Security. Guide employees on the best ways to handle paper documents. For example, you might ask them not to print work documents on home printers.
● Where To Get Support. Make sure you provide multiple ways to access security, including by phone call. If your staff are unable to log in to their devices, they need a simple way to get support quickly.
● Questions and Answers. Leave time at the end of the training for employees to ask questions!
After you deliver the IT security training, complete a survey one week after the training session. Ask whether the staff found the training helpful and see if they can provide one example of a change they have made as a result.
The Path To Optimized Work From Home Security
Delivering a few one-hour IT security training sessions will address one weakness in your work from home security. However, that is probably not going to be enough to keep the company secure. After all, your organization is likely to receive a steady stream of phishing attacks and other threats. The IT team is pulling long hours to keep an eye on new updates from crucial software providers. You need to find a way to relieve the pressure.At a certain point, providing additional IT security training to employees will not help you further. You need to turn to other strategies to protect the organization. Take a close look at your identity and access management solutions. For instance, do you have a process to track all approvals for user accounts and address inactive user risk? Installing a modern access management software solution is one excellent way to address these issues.