Back
Cyber Security Training & Software for Companies | MetaCompliance

Products

Discover our suite of personalised Security Awareness Training solutions, designed to empower and educate your team against modern cyber threats. From policy management to phishing simulations, our platform equips your workforce with the knowledge and skills needed to safeguard your organisation.

Cyber Security eLearning

Cyber Security eLearning to Explore our Award-Winning eLearning Library, Tailored for Every Department

Security Awareness Automation

Schedule Your Annual Awareness Campaign In A Few Clicks

Phishing Simulation

Stop Phishing Attacks In Their Tracks With Award-Winning Phishing Software

Policy Management

Centralise Your Policies In One Place And Effortlessly Manage Policy Lifecycles

Privacy Management

Control, Monitor, and Manage Compliance with Ease

Incident Management

Take Control Of Internal Incidents And Remediate What Matters

Back
Industry

Industries

Explore the versatility of our solutions across diverse industries. From the dynamic tech sector to healthcare, delve into how our solutions are making waves across multiple sectors. 


Financial Services

Creating A First Line Of Defence For Financial Service Organisations

Governments

A Go-To Security Awareness Solution For Governments

Enterprises

A Security Awareness Training Solution For Large Enterprises

Remote Workers

Embed A Culture Of Security Awareness - Even At Home

Education Sector

Engaging Security Awareness Training For The Education Sector

Healthcare Workers

See Our Tailored Security Awareness For Healthcare Workers

Tech Industry

Transforming Security Awareness Training In The Tech Industry

NIS2 Compliance

Support Your Nis2 Compliance Requirements With Cyber Security Awareness Initiatives

Back
Resources

Resources

From posters and policies to ultimate guides and case studies, our free awareness assets can be used to help improve cyber security awareness within your organisation.

Cyber Security Awareness For Dummies

An Indispensable Resource For Creating A Culture Of Cyber Awareness

Dummies Guide To Cyber Security Elearning

The Ultimate Guide To Implementing Effective Cyber Security Elearning

Ultimate Guide To Phishing

Educate Employees About How To Detect And Prevent Phishing Attacks

Free Awareness Posters

Download These Complimentary Posters To Enhance Employee Vigilance

Anti Phishing Policy

Create A Security-Conscious Culture And Promote Awareness Of Cyber Security Threats

Case Studies

Hear How We’re Helping Our Customers Drive Positive Behaviour In Their Organisations

A-Z Cyber Security Terminology

A Glossary Of Must-Know Cyber Security Terms

Cyber Security Behavioural Maturity Model

Audit Your Awareness Training And Benchmark Your Organisation Against Best Practice

Free Stuff

Download Our Free Awareness Assets To Improve Cyber Security Awareness In Your Organisation

Back
MetaCompliance | Cyber Security Training & Software for Employees

About

With 18+ years of experience in the Cyber Security and Compliance market, MetaCompliance provides an innovative solution for staff information security awareness and incident management automation. The MetaCompliance platform was created to meet customer needs for a single, comprehensive solution to manage the people risks surrounding Cyber Security, Data Protection and Compliance.

Why Choose Us

Learn Why Metacompliance Is The Trusted Partner For Security Awareness Training

Leadership Team

Meet the MetaCompliance Leadership Team

Careers

Join Us and Make Cybersecurity Personal

Employee Engagement Specialists

We Make It Easier To Engage Employees And Create a Culture of Cyber Awareness

MetaBlog

Stay informed about cyber awareness training topics and mitigate risk in your organisation.

How to Manage Cyber Security during COVID-19

Cyber Security Return to Work

about the author

Share this post

As lockdown restrictions continue to ease across the UK, businesses are starting to consider a return to work — at least part time. But this will create a totally new situation for many firms: A hybrid working environment that exists between work and home, adding significant cyber security risks.

When COVID-19 lockdown first hit the UK in March, businesses had to quickly adapt at scale. But cyber-criminals also adapted to this new environment, sending targeted phishing emails and text scams en masse.

In April, Google said it saw more than 18 million daily malware and phishing emails related to COVID-19 in just one week. By May, over £800,000 had been lost to coronavirus scams, according to reports made to the National Fraud Intelligence Bureau.

Phishing is often a route to distributing ransomware — a form of malware that encrypts business data until a ransom is paid. In April, Interpol’s Cybercrime Threat Response said it had detected a “significant increase” in the number of attempted ransomware attacks against key organisations around the world.

And more recently, the alleged ransomware assault that hit tech company Garmin has shown how easily a cyber-attack can bring business operations to a halt, impacting customer perceptions and ultimately, a firm’s reputation.

During COVID-19, the reputational damage caused by a breach can be even worse. Spare a thought for beleaguered airline EasyJet, which in May, admitted it had been hacked in a “highly sophisticated cyber-attack” earlier in the year.

So, how do security leaders avoid the risks that can ultimately damage their company when the workforce exists between work and home?

Recognising the Risks

It’s first important to recognise the challenges that have already emerged in the work from home environment. With the entire population under pressure during the last few months amid the COVID-19 pandemic, businesses have not wanted to further burden employees.

This means in many cases, cyber security training has fallen by the wayside — a major problem given the phishing attacks that are all too common during COVID-19.

Meanwhile, many firms have failed to revise their policies in line with this suddenly-changed working environment, adding further risk.

Without the streamlined communication systems they are used to, employees can fall for phishing attempts and in some cases unwittingly give away valuable business credentials — or even pave the way for ransomware attacks.

Three Cyber Security Scenarios

The COVID-19 hybrid working environment adds challenges spanning three scenarios: Bring Your Own Device (BYOD), working from home, and working from the office.

The BYOD trend has been happening for years, and businesses are learning to deal with it via policies and tools such as mobile device management. But cyber security during the pandemic opens up even more avenues of risk.

Employees are taking work laptops home, or they may be using their own hardware to connect to the business network. They may, or may not, be using a virtual private network (VPN).

At the same time, companies will be encouraging the use of collaboration software to stay connected as employees exist between home and the office. This can mean employees downloading apps such as Microsoft Teams on their phones, or using unapproved apps to make themselves more efficient — all without IT’s knowledge.

Then there are other working from home risks and sociological and administrative changes to consider. There will often be more than one person working from home. People will naturally be displaying valuable business data on their screens, for anyone entering the household to see.

It’s all too common for people to walk off without locking their computer, but what if this was to accidentally display sensitive business information that could be exposed by someone else who lives at or is visiting the property?

Home routers are another challenge. They are vulnerable to multiple types of cyber-assaults that could put business data at risk, such as man-in-the-middle-attacks which see adversaries able to snoop on network traffic.

The working from the office scenario adds to complexity. For example, is the employee carrying one laptop between work and home; are they sending sensitive files to another device to work on from home?

In this new and hybrid environment, traditional security controls simply aren’t fit for purpose. The new working “normal” requires an overhauled approach including cyber security controls and tools, policies and training.

WFH is a Digital Transformation Project, not an IT Project

It’s already clear that cyber security in the COVID era requires a mindset change. 20 years ago, this new working environment wouldn’t have even been possible, because the technology wasn’t in place and employees were hardwired into internal systems. Now, meetings can happen via video conference, while cloud and apps make it easier than ever to download files, collaborate and communicate.

But given that these innovations also add cyber security risks, a sensible approach would be to view working from home as a digital transformation project, rather than an IT project.

Companies need to first look at their policies and provide clear education to employees on what to do and what not to. As part of this, it’s a good idea to play out situations: For example, “this printer is a Wi-Fi connected device, here are the risks it poses” while encouraging basic best practices such as patching.

The UK’s National Cyber Security Centre (NCSC) offers some solid advice for employees working from home. In a BYOD situation for example, the NCSC advises businesses to be aware of the risk of devices being lost or stolen. To help lessen the threat, it says, ensure devices encrypt data while at rest, and check that encryption is turned on and configured.

Meanwhile, staff should be using using a VPN at home, and it should be fully patched. Businesses may need to add more licenses, capacity or bandwidth if the company has greatly expanded its number of remote users.

It’s also important to outline how education can help to stop, for example, employees falling for phishing attacks. Staff should also know how they can report issues, including phishing attempts or lost devices, as well as how to keep their home and work software and hardware up to date.

Of course, any security overhaul will require buy-in from the board. Security leaders can use examples such as EasyJet and Garmin to demonstrate why a cyber-attack can be a danger to the business financially and reputationally, especially during a pandemic.

Overall, it requires a holistic approach involving everyone at the company, covering both work and home environments. With the landscape changing all the time as new threats emerge, cyber security needs to be a constant project, not a tick-box exercise.

Free Cyber Awareness Asset to Help Organisations Return to Work

Cyber Security Awareness for  Dummies acts as an indispensable resource for implementing  behavioural change and creating a culture of cyber awareness. 

Phishing Cyber Security Awareness

In this guide, you will learn: 

  • What Cyber Security awareness means for your organisation 
  • How to implement a cyber risk awareness campaign 
  • The critical role of policies to  establish safe baselines 
  • How to maintain momentum and staff engagement 
  • 10 Cyber Security awareness best practices

Other Articles on Cyber Security Awareness Training You Might Find Interesting