TMC's Advisor

The Advisor is published by TMC

The Time for Security Awareness

With COVID-19 disrupting business operations in an unprecedented way, many organizations have been required to adapt to remote working. While many managed to deploy the required infrastructure and technologies to enable their workforce to work from home, how about security awareness training? Who has access to the company’s data when working from home, in many cases from a shared workspace? What happens to the printed documents that may contain confidential information?

By Matthias Koch

Matthias is a seasoned IT executive and an instructor for Information Security at Okanagan College. He has many years of experience in the private and public sector and has worked on numerous high profile projects for multinational companies.

Crime Amidst Chaos

Cybercriminals have already begun to take advantage of the unique opportunity provided by the ongoing COVID-19 pandemic. They are actively targeting home workers who seem to be providing an easy way to gain access to the corporate networks. Ever since employees made the shift to working from home, the volume of phishing emails received by corporate users has increased significantly, and many of the phishing emails target remote workers.

The Best Defense is a Good Education

Security Awareness training is vital to the education of staff, and to ensure that they are aware of the risks that they are likely to encounter. It also ensures that employees understand their responsibilities in protecting the corporation’s privacy. By educating workers about possible attacks, security awareness training gives them the tools to identify threats and vulnerabilities, and take the basic steps to protect the organization’s data. It also teaches staff how to secure the workplace at home, including how to deal with paper copies and files when they are away from the office.

Policies Provide Protection

While many IT departments have managed to deploy the infrastructure for remote workers or adapted a BYOD (Bring Your Own Device) model, in many cases the security policies framework was not adapted to the new reality. Many organizations still don’t have an acceptable use policy that deals with the security of the infrastructure and the protection of sensitive information and personal information, particularly in a home office environment. An acceptable use policy is not just an important tool to help staff to recognize risks and refrain from insecure behaviours, it is an essential component in protecting a company’s assets and data. In addition, an acceptable use policy can also help to limit the organization’s liability in the event of a data breach, hacking incident, or any other cybercrime incident.

We Can Help

TMC can assist in providing Security Awareness Training for your organization. We will help you to update your organization’s security policy framework, and ensure that your employees are well armed against cybersecurity risks. Security Awareness Training can be delivered remotely to help your employees keep security top of mind, so you can focus on deploying new work form home strategies for your company, and everyone involved in it. With a little bit of work, we can all stay safe in these troubling times.

This article was published in the April 2020 edition of The TMC Advisor
- ISSN 2369-663X Volume:7 Issue:3

©2020 TMC Consulting