Steel Root Director of Cybersecurity Andy Sauer was featured in an article that brought together over 25 voices in cybersecurity and academia to discuss the key elements of a cybersecurity awareness training program. Andy’s recent work on the effects of COVID-19 on cybersecurity is highlighted in the article, along with perspectives on the why’s, how’s, and best practices for cybersecurity training.

Andy’s contribution is reprinted below. You can read the full article at VPNRanks.

Cybersecurity awareness is important for employees in an organizational setting because COVID-19 has changed the landscape entirely, making cybersecurity a much bigger business threat than ever before. This is due to the significant increase in people who are teleworking; which leads to the following factors:

  • Behavioral changes: Working off site, employees tend to be more relaxed and more likely to let their guard down – perhaps even answering emails designed to provide data access to hackers. Also, with stress levels increased, staff might be more inclined to be reactive and less strategic in their actions.
  • Situational changes: Working in disparate locations, security instructions and access rules can fall through the cracks. This can result in less stringent oversight of transactions and other key workflows.
  • Technological changes: Suddenly companies are forced to extend their firewalls beyond the physical boundaries of their office. Company systems are being accessed from a wide range of devices, even personal devices. These changes can lead to compromise, data sprawl and other challenges.