Make your remote workforce more secure with cyber drills

The COVID-19 pandemic forced workplaces to shift gears and embrace a remote work environment quickly. 

Some teams took to it naturally. They’ve long had a remote mindset as part of their company culture. Other teams fumbled their way, crossing off items on a checklist they believed made them remote-friendly. They downloaded Zoom for video conference calls; they established flexible work arrangements; they cleaned up their Slack workspace to focus more on work, less on gifs.

What many teams failed to consider, however, is how their new remote workforce impacts their security. 

Your increased risk of cyberattacks 

Before the pandemic, the FBI received 1,000 cybersecurity complaints every day. 

That rose to 3-4,000 complaints since the pandemic. 

That spike is, in large part, due to an overall increase in online activity. Bad actors know more people and organizations are online, which means more opportunities. But hackers also know many businesses created their remote work environments in haste — making them easy targets. 

Here’s one example: government shutdowns forced call centers to close down. But customer service reps can (and do) work remotely. Unfortunately, their home networks aren’t as secure as a call center’s, making it easier for hackers to record sensitive customer information shared on calls. 

It also doesn’t help that we’re all a bit distracted. Lockdowns, isolation, and the comforts of home have lowered our guard. We’re more likely to open an email from an unknown sender — from our kitchen table — than we would be in an office. 

That’s why you need to step up your company’s security measures. You can’t assume your team members know how to be vigilant. Nor can you assume your business isn’t a potential target. 

Every business — and individual — is a target. 

Are you prepared? Are your employees? 

You can answer both these questions through cyber drills.

What are cyber drills?

Cyber drills are real-time simulations that show you how employees and leaders respond in an emergency. They reveal chinks in your security armor and help you see what type of training your team needs. Some cyber drills are announced (meaning you warn the participants). Some are not. 

Why cyber drills?  

Many companies have existing security protocols in place. For example, they may require remote workers using public Wi-Fi to connect through a personal hotspot or VPN. 

Personal hotspots keep employees off shared networks, while VPNs:

  • Hide the user’s IP address
  • Encrypt data transfers in transit
  • Mask the user’s location

Companies might also use a password manager such as LastPass or 1Password, both of which:

  1. Create secure passcodes for your logins
  2. Warn you of any duplicated passcodes
  3. Notify you of security breaches to any platforms you log into
  4. Allow you to share and restrict access to your 3rd-party services 

These safety protocols give you a decent layer of protection. So, too, do encrypted websites (think of the padlock and “HTTPS” you see in a web address).

But they can’t protect your company against human-made vulnerabilities. Cyber drills can. 

How to run cyber drills

When introducing your team to a new cyber threat, we suggest the following format:

  1. Start with an unannounced cyber drill
  2. Then, hold at least once announced cyber drill
  3. Follow that with another unannounced cyber drill

Here’s why this approach works. 

Assess prior knowledge — and respond accordingly

You don’t know what your employees know and don’t know about cybersecurity. Not until you see them in action against a threat. 

Only then can you tailor your cyber plan based on your team’s unique needs.  

This is called assessing prior knowledge in education. An unannounced cyber drill lets you evaluate your team’s prior knowledge to know what next steps to take. 

For example, you could send out a fake phishing email to your entire team without warning. Pretend it’s from your CEO asking for the recipient’s phone number. 

See who opens it, who reports it, and who ignores it altogether (the ideal response is to report it). The result of this exercise will help you determine what to include in your cyber response playbook. 

Create (or update) your cyber response playbook

Your playbook should outline who is responsible for what in the event of a security breach. This includes human resources, IT, public relations, customer service reps, and so on. Organize your playbook by cyber threats (one section or chapter for each cyberthreat). This makes it easier to reference in the event of an attack.

When possible, reference the cyber drills you held in your playbook. This helps your employees create connections between old and new knowledge, making it easier for them to remember new processes. 

For example, in your section on phishing emails, reference the exercise we detailed earlier. 

Store your playbook alongside other critical information, like in your internal wiki. Require every new hire to read it as part of his or her onboarding. 

Practice your new playbook

A playbook you don’t practice is useless. That’s like having a fire escape plan you read for the first time when your building is on fire. 

Help your team prepare for an attack with periodic announced cyber drills. Using our school analogy again, announced cyber drills are like end-of-unit tests. Students know they’re coming, so they study and prepare. 

These drills reinforce learnings through real-life action. They also help you assess the clarity and effectiveness of your playbooks. 

Put your team to the test

With at least one dry run under their belts, your employees are ready to test their knowledge in real life. 

Conduct another unannounced cyber drill. This time, focus on two things:

  1. How close to your playbook script do your employees stick to?
  2. At the end of the drill, is your company’s security intact? 

If your employees stray from the playbook, you may need more announced cyber drills. If your company remains vulnerable, identify what went wrong and update your playbook accordingly. 

When cyber drills aren’t enough

Phishing attacks are just one of the countless cybersecurity threats your business and employees are vulnerable to. Others include IoT and ransomware attacks as well as Asynchronous Procedure Calls (APCs) in system kernels. Many of these attacks can be thwarted by updating all operating systems connected to a network. While you can get creative with cyber drills to see how many employees update their systems, a more direct approach is to:

  1. Require remote employees to activate automatic updates on their devices, and
  2. Send announcements when devices and software your team uses release critical updates. Create an IT Slack channel where you post these announcements

Create a secure remote work environment that outlives the pandemic

​The effects of the COVID-19 pandemic will linger long after some semblance of normalcy is regained. 

Face masks will take on new meaning. Handshakes will be met with an awkward pause. And many of today’s remote workers will demand flexibility in where, when, and how they work.

That makes it harder for you to ensure your employees follow security best practices. Cyber drills help you assess your current vulnerabilities so you can create tailored, more effective playbooks that empower your remote team to protect your company’s most sensitive data.