With discussions circulating around going back into the office and employees still craving flexibility, leaders everywhere need to examine what it means to establish a successful and secure hybrid workforce.

To keep information and devices secure as employees travel in and out of the office, organizations will need to create a security strategy rooted in the variability of the everywhere workforce, one that helps workers understand the role they play in securing this new model.

Security leaders must create a training program tailored to the human variable and focused on real-life scenarios that will emerge in this new hybrid future.

The value of training

The IBM 2021 X-Force Threat Intelligence Index reports 95% of cybersecurity breaches are due to human error. Training employees isn’t just important, it’s essential for an organization’s survival.

a chart showing the top initial attack vectors in cybersecurity
The top initial attack vectors in cybersecurity.
Image: IBM 2021 X-Force Threat Intelligence Index

Training creates a vital sense of awareness of today’s complex threat landscape and the role end users play in it. It encourages a sense of responsibility and accountability by showing that end user actions have a direct correlation to the overall security posture of an organization. Training also creates a culture of security, where all parties feel invested in the overall protection of an organization, even if they’re disconnected from a physical office.

Going beyond the basics

To combat today’s complex threats, training has to go beyond the basics. While employees need continuous learning on threat detection and data protection best practices, IT leaders need to also tailor their programming to the unique needs of the hybrid workforce. Therefore, training must focus on the following:

Technology tutorials: The hybrid workforce isn’t possible without the technology that enables employees to do their job from anywhere. Businesses should adopt user-friendly solutions that have controls in place and make sense to the people who use them every day; implementation should be paired with dedicated tutorials and training sessions on the software.

Scenario-focused threat awareness: IT also needs to build training scenarios tailored to the variability of a distributed workforce — lessons that speak to the threat of information flowing in and out of the office, to the dangers of working from public areas, to the kinds of attacks that target at-home workers, and more. A few of these attack scenarios should include:

Shoulder surfing

Business email compromise

Elicitation

Brute-force password attacks

Phishing schemes

Training should ultimately be designed as a memorable experience versus a quarterly task that employees feel obligated to complete.

For example, at Zoom we distribute a “Work-From-Home Security Best Practices” checklist and conduct annual security training with our employees, but have expanded our efforts to encompass situational training as well. We’ve launched monthly phishing simulations and follow-up education to have employees practice identifying and reporting phishing emails in a safe environment, transforming the threat of phishing into a tangible reality.

Combining the strengths of training & technology

The human variable of the hybrid workforce can either be your organization’s biggest threat or its strongest competitive advantage. Success in today’s complex landscape will be determined by how you pivot your strategy around that variable.

What is the World Economic Forum doing on cybersecurity?

The World Economic Forum’s Centre for Cybersecurity is leading the global response to address systemic cybersecurity challenges and improve digital trust. The centre is an independent and impartial platform committed to fostering international dialogues and collaboration on cybersecurity in the public and private sectors.

Since its launch, the centre has driven impact throughout the cybersecurity ecosystem:

Contact us for more information on how to get involved.

As you evolve the way you upskill the hybrid workforce, you need an intuitive communications platform that can keep pace. Designed for seamless and secure collaboration, the Zoom platform keeps you and your team connected so you can get more done, no matter where you are. Our solutions are built with security top of mind to help protect the crucial information shared across our platform.

For Zoom Meetings specifically, we’ve created an end-to-end encryption (E2EE) feature, which, when enabled, uses the same 256-bit AES GCM encryption that supports standard Zoom Meetings but the cryptographic keys are known only to the devices of the meeting participants.

With the right mix of training and technology supporting your workforce, hybrid is no longer a novel concept, but a sustainable reality that can support greater flexibility, efficiency, and security for your organization.

To learn more about Zoom’s approach to security and related resources, explore our Trust Center.