Canadian HR Reporter

20 www.hrreporter.com F E A T U R E S AMONG the many secondary impacts of the global pandemic has been a surge in cybersecurity threats targeting both the fears of individuals and the new networking dynamics of a suddenly enlarged remote workforce. Criminals have seized upon this disruption to steal money or personal information by generating COVID-19- related scams via email, text and phone calls, with an increase in attempts to lure people into visiting malicious sites, clicking on malicious links or providing personal information over the phone. Because many employees have been transitioned to a remote workforce, IT teams can only do so much to combat these threats. Even prior to COVID- 19, they struggled with a shortage of cybersecurity talent and resources, and in many organizations, there was Employers don't want to make that situation worse. So, step one is to keep it simple. Forget the hackers regularly seen in movies or on TV. By far, the biggest security threat to any organization is email. Cybercriminals don't need sophisticated tools when they have the human psyche to prey upon, which is why the most effective hackers design emails or texts that lead to large numbers of people clicking on a link or sharing sensitive information. With that in mind, employers should upgrade their secure email gateway to ensure that it is highly effective at eliminating spam and phishing and automatically defusing malicious attachments. The next step is to communicate two important issues to the workforce: how to spot a fake email or text and what to do if they receive one. Employers also want to provide any updates if a particular threat has appeared or is at high risk of doing so. IN-HOUSE TRAINING MOST POPULAR TYPE OF CYBERSECURITY TRAINING IN CANADA to begin training employees across lines of business in good "cyber-hygiene" practices. Security is a team effort, and employees need to understand the part they have to play, how they can take on that role — and take it seriously. Prioritize communications For employers looking to get started, it is important to prioritize what to communicate to the workforce. Under the pandemic, people are being overwhelmed with information. Plus, they've had to adjust to new working arrangements, their children are out of school and they may have family members to care for or worry about. T he last thing the y need is communication that is complicated or seemingly unnecessary. At best, many may see security policies as a nuisance; at worst, they may avoid them. 54% In-house training material that's promoted internally 36% Lunch-and-learn sessions or workshops 35% Standalone, computer-based training 32% Third-party seminar-style training programs 21% Standalone phishing simulations 21% Integrated training, phishing and reporting platform TRAINING KEY TO 'CYBER DISTANCING' With so many people working from home during the pandemic, cybersecurity is more critical than ever, says Derek Manky of Fortinet, outlining several training methods that are effective in building a truly cyber-aware workforce already the growing worry that in the ongoing cybersecurity arms race, the bad guys were winning. With the pandemic, armies of workers have now set up shop in their living rooms — many for the first time — so demand on IT systems has surged even further, making the task of beating the cybercriminals that much more difficult. Now, more than ever, IT teams need the support of everyone in the organization in following all proper procedures and making sure not to unintentionally open up new security gaps. Creating a "culture of security" involves helping employees understand how security affects them and their jobs, and accepting their role as the front line of security. With a captive audience engaged in an unprecedented level of transition and disruption, now is the best time possible Sources: Canadian Internet Registration Authority R I S K M A N A G E M E N T

• Cover