How to Upskill the Hybrid Workforce with Tailored Security Training
This post is part of our series from Zoom’s Office of the CIO, a global strategy group focused on the communications challenges and opportunities facing CIOs and other enterprise technology leaders.
With discussions circulating around going back into the office and employees still craving flexibility, leaders everywhere need to examine what it means to establish a successful and secure hybrid workforce.
To keep information and devices secure as employees travel in and out of the office, organizations will need to create a security strategy rooted in the variability of the everywhere workforce, one that helps workers understand the role they play in securing this new model.
Security leaders must create a training program tailored to the human variable and focused on real-life scenarios that will emerge in this new hybrid work future.
The value of training
The IBM 2021 X-Force Threat Intelligence Index reports 95% of cybersecurity breaches are due to human error. Training employees isn’t just important, it’s essential for an organization’s survival.
Training creates a vital sense of awareness of today’s complex threat landscape and the role end users play in it. It encourages a sense of responsibility and accountability by showing that end user actions have a direct correlation to the overall security posture of an organization. Training also creates a culture of security, where all parties feel invested in the overall protection of an organization, even if they’re disconnected from a physical office.
Going beyond the basics
To combat today’s complex threats, training has to go beyond the basics. While employees need continuous learning on threat detection and data protection best practices, IT leaders need to also tailor their programming to the unique needs of the hybrid workforce. Therefore, training must focus on the following:
Technology tutorials: The hybrid workforce isn’t possible without the technology that enables employees to do their job from anywhere. Businesses should adopt user-friendly solutions that have controls in place and make sense to the people who use them every day; implementation should be paired with dedicated tutorials and training sessions on the software.
Scenario-focused threat awareness: IT also needs to build training scenarios tailored to the variability of a distributed workforce — lessons that speak to the threat of information flowing in and out of the office, to the dangers of working from public areas, to the kinds of attacks that target at-home workers, and more. A few of these attack scenarios should include:
- Shoulder surfing
- Business email compromise
- Brute-force password attacks
- Phishing schemes
Training should ultimately be designed as a memorable experience versus a quarterly task that employees feel obligated to complete.
For example, at Zoom we distribute a “Work-From-Home Security Best Practices” checklist and conduct annual security training with our employees, but have expanded our efforts to encompass situational training as well. We’ve launched monthly phishing simulations and follow-up education to have employees practice identifying and reporting phishing emails in a safe environment, transforming the threat of phishing into a tangible reality.
Combining the strengths of training & technology
The human variable of the hybrid workforce can either be your organization’s biggest threat or its strongest competitive advantage. Success in today’s complex landscape will be determined by how you pivot your strategy around that variable.
As you evolve the way you upskill the hybrid workforce, you need an intuitive communications platform that can keep pace. Designed for seamless and secure collaboration, the Zoom platform keeps you and your team connected so you can get more done, no matter where you are. Our solutions are built with security top of mind to help protect the crucial information shared across our platform.
For Zoom Meetings specifically, we’ve created an end-to-end encryption (E2EE) feature, which, when enabled, uses the same 256-bit AES GCM encryption that supports standard Zoom Meetings but the cryptographic keys are known only to the devices of the meeting participants.
With the right mix of training and technology supporting your workforce, hybrid is no longer a novel concept, but a sustainable reality that can support greater flexibility, efficiency, and security for your organization.
To learn more about Zoom’s approach to security and related resources, explore our Trust Center.