Cybersecurity

How to upskill the hybrid workforce with tailored security training

Image of a padlock and laptop to represent cybersecurity.

Cybersecurity training is important for hybrid work. Image: FLY:D/Unsplash

Gary Sorrentino
Global Chief Information Officer, Zoom

With discussions circulating around going back into the office and employees still craving flexibility, leaders everywhere need to examine what it means to establish a successful and secure hybrid workforce.

To keep information and devices secure as employees travel in and out of the office, organizations will need to create a security strategy rooted in the variability of the everywhere workforce, one that helps workers understand the role they play in securing this new model.

Security leaders must create a training program tailored to the human variable and focused on real-life scenarios that will emerge in this new hybrid future.

The value of training

The IBM 2021 X-Force Threat Intelligence Index reports 95% of cybersecurity breaches are due to human error. Training employees isn’t just important, it’s essential for an organization’s survival.

a chart showing the top initial attack vectors in cybersecurity
The top initial attack vectors in cybersecurity. Image: IBM 2021 X-Force Threat Intelligence Index

Training creates a vital sense of awareness of today’s complex threat landscape and the role end users play in it. It encourages a sense of responsibility and accountability by showing that end user actions have a direct correlation to the overall security posture of an organization. Training also creates a culture of security, where all parties feel invested in the overall protection of an organization, even if they’re disconnected from a physical office.

Going beyond the basics

To combat today’s complex threats, training has to go beyond the basics. While employees need continuous learning on threat detection and data protection best practices, IT leaders need to also tailor their programming to the unique needs of the hybrid workforce. Therefore, training must focus on the following:

Technology tutorials: The hybrid workforce isn’t possible without the technology that enables employees to do their job from anywhere. Businesses should adopt user-friendly solutions that have controls in place and make sense to the people who use them every day; implementation should be paired with dedicated tutorials and training sessions on the software.

Scenario-focused threat awareness: IT also needs to build training scenarios tailored to the variability of a distributed workforce — lessons that speak to the threat of information flowing in and out of the office, to the dangers of working from public areas, to the kinds of attacks that target at-home workers, and more. A few of these attack scenarios should include:

Shoulder surfing

Business email compromise

Elicitation

Brute-force password attacks

Phishing schemes

Have you read?

Training should ultimately be designed as a memorable experience versus a quarterly task that employees feel obligated to complete.

For example, at Zoom we distribute a “Work-From-Home Security Best Practices” checklist and conduct annual security training with our employees, but have expanded our efforts to encompass situational training as well. We’ve launched monthly phishing simulations and follow-up education to have employees practice identifying and reporting phishing emails in a safe environment, transforming the threat of phishing into a tangible reality.

Combining the strengths of training & technology

The human variable of the hybrid workforce can either be your organization’s biggest threat or its strongest competitive advantage. Success in today’s complex landscape will be determined by how you pivot your strategy around that variable.

Discover

How is the Forum tackling global cybersecurity challenges?

As you evolve the way you upskill the hybrid workforce, you need an intuitive communications platform that can keep pace. Designed for seamless and secure collaboration, the Zoom platform keeps you and your team connected so you can get more done, no matter where you are. Our solutions are built with security top of mind to help protect the crucial information shared across our platform.

For Zoom Meetings specifically, we’ve created an end-to-end encryption (E2EE) feature, which, when enabled, uses the same 256-bit AES GCM encryption that supports standard Zoom Meetings but the cryptographic keys are known only to the devices of the meeting participants.

With the right mix of training and technology supporting your workforce, hybrid is no longer a novel concept, but a sustainable reality that can support greater flexibility, efficiency, and security for your organization.

To learn more about Zoom’s approach to security and related resources, explore our Trust Center.

Loading...
Don't miss any update on this topic

Create a free account and access your personalized content collection with our latest publications and analyses.

Sign up for free

License and Republishing

World Economic Forum articles may be republished in accordance with the Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International Public License, and in accordance with our Terms of Use.

The views expressed in this article are those of the author alone and not the World Economic Forum.

Stay up to date:

The Digital Economy

Related topics:
CybersecurityForum Institutional
Share:
The Big Picture
Explore and monitor how The Digital Economy is affecting economies, industries and global issues
World Economic Forum logo

Forum Stories newsletter

Bringing you weekly curated insights and analysis on the global issues that matter.

Subscribe today

4 ways to advance equity in cyberspace

Kate Whiting

December 12, 2024

The top cybersecurity stories from 2024

About us

Engage with us

  • Sign in
  • Partner with us
  • Become a member
  • Sign up for our press releases
  • Subscribe to our newsletters
  • Contact us

Quick links

Language editions

Privacy Policy & Terms of Service

Sitemap

© 2024 World Economic Forum