Quickly train and enable your workforce to securely work from home with this free toolkit from The SANS Institute.
Many organizations are understandably struggling with the sudden transition to work-from-home caused by the coronavirus pandemic. As your organization adjusts to this new situation, we want to pass along the “Security Awareness Work-From-Home Deployment Kit,” an excellent set of resources put together by the good folks at The SANS Institute.
If you are not familiar with SANS, they are “the most trusted and, by far, the largest provider of cybersecurity training and certification for government and commercial-institution professionals worldwide” and provide multiple cybersecurity training courses and professional certifications.
The Work-From-Home Deployment Kit is a guide and set of tools to quickly secure your remote workforce, including an easy-to-follow action plan and a comprehensive library of training materials which SANS is releasing for free.
The kit is available at sans.org/workfromhomekit.
According to SANS, “this kit provides a strategic step-by-step guide on how to quickly execute an awareness initiative to secure your remote workforce, including how to identify what to teach your workforce, the top risks to focus on, what departments to coordinate with and how to effectively engage and communicate to your workforce. In addition, for each risk, we link to a library of training material—such as videos, infographics, podcasts, newsletters, digital signage and more!”
The initial areas they focus on include:
- Social engineering attacks, including email phishing, phone calls, texting, social media, and fake news
- Weak password practices allowing abuse of remote access systems
- The importance of keeping operating systems, applications, and mobile apps updated to latest versions when more staff than ever are using personal devices
Additionally, a one-page factsheet provides simplified guidance for small organizations and individuals.
Keys to Success
When presenting this Deployment Kit, Director of SANS Security Awareness Lance Spitzner highlighted a few keys to successfully managing and adapting to this remote-work paradigm.
- First, minimize and prioritize what you train. Focus on the most pressing concerns, like those noted above. Don’t try to teach everyone everything at once.
- Second, don’t get stuck on technology. Technology alone is not going to solve the problem of remote-work security. Securing a remote workforce is a people problem, and it requires people solutions.
- Third, partner with others across your organization. This is not an IT Department challenge, it is a leadership challenge and requires management, IT, communications, and other teams to work together.
Ultimately, the organization’s goal at this point is to make security as simple as possible for staff – especially the non-techies – while keeping your sensitive resources safe and keeping the work of the organization moving forward.
Again, the SANS Security Awareness Work-From-Home Deployment Kit is available for free at sans.org/workfromhomekit.
We at Eagle tip our hats to the SANS Institute for this excellent and generous resource. We hope that it helps your organization stay secure during this challenging time.
If we can do anything to help your organization adjust to the health crisis and remote work – for instance by advising on technologies, assessing risks, or providing training – please contact us at 216-503-0355 or [email protected].