Do your employees know not to click on the all-too-common phishing emails that attempt to gather sensitive company information? Many of us have at least come close to clicking a suspicious-looking link.
Your employees “can be your weakest link when it comes to cybersecurity,” Erica Kofie, head of cyber proposition for Europe at research firm QBE, told Strategic Risk. The majority (80%) of tech professionals view human error “as the biggest risk to their control systems,” and 83% think “there was a serious lack of cybersecurity-related skills in workers,” Security Magazine reported.
So, when workforces are scattered across locations, who’s more of a cyber risk, in-office or remote workers? The answer might not be black and white.
Remote risks. Some of the top cybersecurity risks for remote workers include unsecured Wi-Fi connections and phishing scams.
While some companies view remote workers as “more mindful of cybersecurity threats and…better [at recognizing] safe cybersecurity practices and protection measures compared with office-based employees,” according to The Conversation, remote workers still pose their own risks. Remote working across the world raised the average cost of a data breach for a company by nearly $1 million, Security Intelligence reported.
As remote work allows for employees to work from coffee shops and public spaces, company data can be at risk from passing from employee computers to unknown servers, leading to potential cybersecurity problems, reported Cyber Magazine.
Phishing is also a common issue, as employees receive “fraudulent emails with the intention of stealing sensitive data from the company” and “the scammer may trick the employee into revealing login credentials or downloading malware that infects the system.” But remote workers may be more susceptible to phishing because remote work has “more reliance on emails, instant messaging, and teams platforms for interactions,” according to finance app Klutch.
Quick-to-read HR news & insights
From recruiting and retention to company culture and the latest in HR tech, HR Brew delivers up-to-date industry news and tips to help HR pros stay nimble in today’s fast-changing business environment.
In-person risks. As employees ditch at-home setups for the office, they may have a “perceived safety of their company’s cybersecurity measures” and might “be less likely to follow best practices and take necessary precautions” to avoid cyber risks, Gleb Tsipursky, behavioral scientist and CEO of Disaster Avoidance Experts, wrote in Entrepreneur.
Described as a complacency effect, some employees at a corporate office have increased “trust [that] their firms develop, maintain, and update security countermeasures to mitigate cybersecurity threats and risks” and “employees are not apt or mindful of security threats and concerns, leading to constrained cybersecurity awareness.” They may be more susceptible to clicking on phishing emails, and even neglecting preventative measures, such as following a company’s cybersecurity policies.
As you bring employees back into the office, it might be time for HR to refresh cybersecurity and compliance training by “encouraging employees to stay updated on the latest security best practices and providing regular training on new threats can help keep cybersecurity at the forefront of their minds,” Tsipursky wrote.
What’s HR to do. HR, in partnership with IT, can play an important role in helping remote and in-office workers by providing more comprehensive training covering what they do online, technical awareness, and how they think about cybersecurity measures, behavioral awareness, can both pose risks.
“By making employees aware of the potential threats and risks, as well as providing them with the tools and knowledge needed to protect themselves and the company, businesses can significantly reduce their vulnerability to cyberattacks,” Tsipursky added.