Securing the remote office: reducing cyber risks to remote working through regular security awareness education campaigns

Date

2024-01-29

Advisors

Journal Title

Journal ISSN

ISSN

2356-5845
1615-5270

Volume Title

Publisher

Springer

Type

Article

Peer reviewed

Yes

Abstract

Cyber security threats, including risks to remote workers, are varied and diverse, with the number of scams and business email compromise breaches increasing. Firms and their staff are experiencing mass phishing attacks, several typical precursors to more sinister attacks like cyber-enabled fraud, ransomware, and denial of service (DDoS) attacks. Threat actors are leveraging new technologies such as machine learning and artificial intelligence (AI) to deliver sophisticated scam and phishing messages that are challenging for users to identify as malicious. Several businesses are increasing technical efforts in critical areas, including network hardening, robust patching, anti-malware, ransomware detection applications, and multi-factor authentication to detect, prevent, and recover from potential threats. Despite that, these measures provide only a partial solution if the users who access the systems do not have good security awareness training. In this study, we review some cyber risks related to remote working and detail how they can be remediated through regular security awareness education campaigns (SAECs). The study presents the results of a proof of concept (PoC) experiment conducted to establish the value of regular SAECs in the fight against scams and phishing attacks against remote workers. The pilot results confirm that securing the remote office requires a robust SAEC. It argues that to be successful and help staff protect business systems and data, SAECs must be regular and varied, providing opportunities for staff to understand what to look for in suspicious scams and phishing emails. Moreover, they must provide opportunities for staff to practice their knowledge and understanding through practical exercises such as spam and phishing simulation exercises, which could help users avoid falling victim to spam and phishing emails.

Description

The file attached to this record is the author's final peer reviewed version. The Publisher's final version can be found by following the DOI link.

Keywords

Citation

Angafor, G.N., Yevseyeva, I., and Maglaras, L. (2024) Securing the remote office: reducing cyber risks to remote working through regular security awareness education campaigns. International Journal of Information Security,

Rights

Attribution-NonCommercial-NoDerivatives 4.0 International
http://creativecommons.org/licenses/by-nc-nd/4.0/

Research Institute

Cyber Technology Institute (CTI)