Security awareness in the time of the pandemic

The fundamentals haven't changed while the scope has broadened.

Anup Narayanan, 19th August, 2020

Editorial article on security awareness training in the time of the pandemic.


After penning the above title, I realised that it resonated with Love in the Time of Cholera. Anyway, now back to security awareness.

Ruth is the CISO of a large online retail firm with an unenviable task at hand. The proportion of remote workers is now higher than normal. While the necessary cyber security infrastructure is in place, some thoughts nag her:

  1. How safe are their devices?

  2. Are they patched/updated on time?

  3. How secure is their home wi-fi?

  4. Are they installing new apps without checking?

  5. Will they stay safe from the next phishing attack?

With new phishing variants targeting remote workers, she is re-thinking her strategy. Ruth believes in awareness training as a strong security control. What can she do differently now? Can she use existing infrastructure, without extra costs?

Add the new topic - remote work cyber security best practices

Start by hitting the nail on the head. Remote work is the new cyber security awareness topic. Within this topic, there are sub-topics to address. Check a few examples below.

  1. How to do video conferences securely?

  2. Secure your mobile or tablet

  3. Cyber security checklist for your home PC

  4. How to securely store and share files using the cloud?

  5. How to check if an app is safe?

  6. How to detect phishing scams?

  7. How to install and use VPNs?

  8. How to use your mobile device as a secure wifi hotspot?

  9. How to seek help when in doubt?

Each topic above merits exclusive attention. Micro-learning (see next section) is an excellent option to address each topic.

Micro-learning is the new learning

Focused, one topic at a time, bite-sized, easy to absorb, continuous, flexible, for busy professionals...

These are the words and phrases that describe micro-learning.

It is the new way of learning for busy professionals. It usually takes the form of an infographic, video or poster with a learning time of less than a minute.

E-learning courses or classroom training usually occur once a year, whereas micro-learning makes security awareness continuous without stealing valuable work time.

Leverage existing infrastructure - Slack, Teams etc.

Often overlooked is the mode of security awareness communication. Look around and you will find a host of options.

Why not Slack or Teams? Everyone's on it. Micro-learning content like videos or infographics would love Slack or Teams.

How about good old email? Everyone checks it daily. Infographics attached inline look great in emails.

Increasing clicks and views with OGP

Use OGP to generate rich previews of web pages with security awareness content.

How about setting up a simple internal web portal to host micro-learning content? Talk to the coders and add OGP (Open Graph Protocol) for each page. OGP gives the learner a rich preview of the content, which in turn triggers higher clicks and views.
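One way the coders could generate and lint the OGP tags for each micro-learning page before it goes live. This is an added example, not code from the original article; the host `awareness.example.com`, the sample page data, the function names and the HTTPS-only rule are assumptions made for illustration.

```python
from html import escape
from html.parser import HTMLParser

# The four properties the Open Graph protocol requires on every page.
REQUIRED = ("og:title", "og:type", "og:image", "og:url")

def render_ogp(title, description, page_url, image_url, og_type="article"):
    """Build the <meta> tags for one micro-learning page, escaping every value."""
    props = [("og:title", title), ("og:type", og_type), ("og:url", page_url),
             ("og:image", image_url), ("og:description", description)]
    return "\n".join(
        f'<meta property="{name}" content="{escape(value, quote=True)}" />'
        for name, value in props)

class _OGPCollector(HTMLParser):
    """Collect og:* properties from <meta> tags, keeping the first of each."""
    def __init__(self):
        super().__init__()
        self.props = {}

    def handle_starttag(self, tag, attrs):
        if tag != "meta":
            return
        attr = dict(attrs)
        name = attr.get("property") or ""
        if name.startswith("og:") and attr.get("content"):
            self.props.setdefault(name, attr["content"])

def check_ogp(html_text):
    """Return (props, problems) for a page before it is published."""
    collector = _OGPCollector()
    collector.feed(html_text)
    problems = [f"missing {p}" for p in REQUIRED if p not in collector.props]
    # Assumption (portal policy, not an OGP rule): page and image URLs use HTTPS.
    for p in ("og:url", "og:image"):
        if p in collector.props and not collector.props[p].startswith("https://"):
            problems.append(f"{p} is not https")
    return collector.props, problems

# Constructed sample pages on a placeholder host.
GOOD_HEAD = render_ogp(
    title="Spot a phishing scam in 60 seconds",
    description='One-minute infographic: "urgent" requests & fake login pages',
    page_url="https://awareness.example.com/phishing-60s",
    image_url="https://awareness.example.com/img/phishing-60s.png")
BAD_HEAD = ('<meta property="og:title" content="VPN basics" />'
            '<meta property="og:image" content="http://awareness.example.com/img/vpn.png" />')

if __name__ == "__main__":
    print(GOOD_HEAD)
    print(check_ogp(GOOD_HEAD)[1], check_ogp(BAD_HEAD)[1])
```

Escaping each value keeps a title or description containing quotes or ampersands from breaking the tag, and the check reports pages that would show no preview image or link.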

Expand the reach of the learning management system (LMS)

The good old LMS is still there and delivering. And if the LMS is not available outside the perimeter of your corporate network, it is time to re-think. Shift it to the cloud or a place where the workforce can reach it, from anywhere.

Closing notes

The fundamentals of security awareness have not changed. But the scope broadens with new topics. The methods change by shifting to simpler content like micro-learning. Efficiency and reach increase by using everyday tools like Slack, Teams or email.