Although nobody was fully prepared for the COVID-19 pandemic, businesses have in many cases done well in scrambling to find and implement new ways for their operations to continue running. Some have even moved into new product lines to supply pandemic-related goods and services in high demand. The biggest adjustment, however, has been moving employees into a work-from-home set-up.
In theory, working from home should have its advantages. Some studies, for example, have shown that employees who work remotely are more productive and enjoy the reduced stress associated with commuting to and from the workplace. Unfortunately, despite these advantages, there are serious risks for the business itself, including loss of control, challenges with communication, access to data and, most importantly, protection of valuable, confidential data and sensitive company information that is no longer securely locked behind closed office doors, but perhaps sprawled across coffee tables in homes across the country.
Employees can access any number of sensitive documents daily, such as trade secrets, patents, designs, customer lists, supplier lists, and more. This information is a commodity and an asset that must be protected. Remote workers often use home devices where they access private email accounts, social media, and other less secure external sites to go about their daily work. Often these devices are not protected by firewalls, antivirus software and other software-driven security measures. Most IT departments will not have access to these devices, leaving them open to security breaches.
Cyber-attacks come in different forms:
Phishing – a cybercrime in which a target is contacted by email, telephone or text message by someone posing as a legitimate institution to lure individuals into providing sensitive data such as personally identifiable information, banking and credit card details, and passwords.
Malware – the collective name for several malicious software variants, including viruses, ransomware, and spyware, designed to cause extensive damage to data and systems or to gain unauthorised access to a network.
Trojans – a type of malware that is often disguised as legitimate software used by cyber-thieves and hackers trying to gain access to users’ systems. Users are typically tricked by some form of social engineering into loading and executing Trojans on their systems.
Ransomware – a type of malware that prevents users from accessing their system or personal files and demands a ransom payment, via cryptocurrency or credit card, to regain access.
Without an effective Information Security Management System and, crucially, active awareness by all users in the organisation, valuable data could be at an increased risk from cyber-attacks, especially while people are working remotely. The impact of a cyber-attack can be devastating from a financial perspective, as well as to a company’s reputation, and if customers’ information is lost it could open the company to litigation.
How WWISE can help you
Through our Information Security training, you can equip your employees with the right knowledge, tools and mindset that will keep them from falling prey to cyber-attacks.
ISO 27001:2013 outlines the requirements for the development and control of an organisation’s Information Security Management System. The standard consists of various clauses, including the scope, referencing method, terms and definitions, organisational context and shareholders. The other clauses deal with information security leadership and high-level support policy requirements in addition to the planning of an Information Security Management System. All WWISE courses are accredited with FP and MSETA and recognised by SAQI and SABS. We offer 3 online courses relating to ISO 27001:2013, depending on stakeholder roles:
ISO 27001:2013 Information Security Management System Implementation – This course will provide delegates with an in-depth understanding of information security in terms of the ISO 27001:2013 standard and its controls.
ISO 27001:2013 Information Security Management Systems Internal Auditor – The purpose of this course is to give you the necessary skills to perform internal audits on an organisation’s Information Security Management Systems (ISMS) and to contribute to their continual improvement.
ISO 27001:2013 Information Security Awareness – This course provides an introduction to the ISO 27001:2013 standard, allowing delegates to understand the importance of information security within an organisation.
Benefits of e-learning
There are several benefits to online education. Research suggests that online learning can increase retention of information and takes up less time. Given the way in which the world has changed of late, online learning is more relevant than ever before. Additionally, e-learning is a more cost-effective approach to training and does not compromise on the quality of the information and learning imparted to delegates. Most importantly, by taking a WWISE online course, your employees are not subject to any physical human contact and can learn from the comfort of their home.
Make sure your company’s data remains secure by signing employees, or yourself, up for one of our ISO 27001:2013 online Information Security courses.
Visit https://www.wwise-iso-e-learning.com/course_category/risk-management/ or contact us at admin@wwise.co.za for more information or to sign up today!