With discussions circulating around going back into the office and employees still craving flexibility, leaders everywhere need to examine what it means to establish a successful and secure hybrid workforce.

To keep information and devices secure as employees travel in and out of the office, organizations will need to create a security strategy rooted in the variability of the everywhere workforce, one that helps workers understand the role they play in securing this new model.

Security leaders must create a training program tailored to the human variable and focused on real-life scenarios that will emerge in this new hybrid future.

The value of training

The IBM 2021 X-Force Threat Intelligence Index reports 95% of cybersecurity breaches are due to human error. Training employees isn’t just important, it’s essential for an organization’s survival.

a chart showing the top initial attack vectors in cybersecurity
The top initial attack vectors in cybersecurity.
Image: IBM 2021 X-Force Threat Intelligence Index

Training creates a vital sense of awareness of today’s complex threat landscape and the role end users play in it. It encourages a sense of responsibility and accountability by showing that end user actions have a direct correlation to the overall security posture of an organization. Training also creates a culture of security, where all parties feel invested in the overall protection of an organization, even if they’re disconnected from a physical office.

Going beyond the basics

To combat today’s complex threats, training has to go beyond the basics. While employees need continuous learning on threat detection and data protection best practices, IT leaders need to also tailor their programming to the unique needs of the hybrid workforce. Therefore, training must focus on the following:

Technology tutorials: The hybrid workforce isn’t possible without the technology that enables employees to do their job from anywhere. Businesses should adopt user-friendly solutions that have controls in place and make sense to the people who use them every day; implementation should be paired with dedicated tutorials and training sessions on the software.

Scenario-focused threat awareness: IT also needs to build training scenarios tailored to the variability of a distributed workforce — lessons that speak to the threat of information flowing in and out of the office, to the dangers of working from public areas, to the kinds of attacks that target at-home workers, and more. A few of these attack scenarios should include:

Shoulder surfing

Business email compromise

Elicitation

Brute-force password attacks

Phishing schemes

Training should ultimately be designed as a memorable experience versus a quarterly task that employees feel obligated to complete.

For example, at Zoom we distribute a “Work-From-Home Security Best Practices” checklist and conduct annual security training with our employees, but have expanded our efforts to encompass situational training as well. We’ve launched monthly phishing simulations and follow-up education to have employees practice identifying and reporting phishing emails in a safe environment, transforming the threat of phishing into a tangible reality.

Combining the strengths of training & technology

The human variable of the hybrid workforce can either be your organization’s biggest threat or its strongest competitive advantage. Success in today’s complex landscape will be determined by how you pivot your strategy around that variable.

What is the World Economic Forum doing on cybersecurity

The World Economic Forum's Centre for Cybersecurity is leading the global response to address systemic cybersecurity challenges and improve digital trust. We are an independent and impartial global platform committed to fostering international dialogues and collaboration on cybersecurity in the public and private sectors. We bridge the gap between cybersecurity experts and decision makers at the highest levels to reinforce the importance of cybersecurity as a key strategic priority.

Our community has three key priorities:

Strengthening Global Cooperation - to increase global cooperation between public and private stakeholders to foster a collective response to cybercrime and address key security challenges posed by barriers to cooperation.

Understanding Future Networks and Technology - to identify cybersecurity challenges and opportunities posed by new technologies, and accelerate forward-looking solutions.

Building Cyber Resilience - to develop and amplify scalable solutions to accelerate the adoption of best practices and increase cyber resilience.

Initiatives include building a partnership to address the global cyber enforcement gap through improving the efficiency and effectiveness of public-private collaboration in cybercrime investigations; equipping business decision makers and cybersecurity leaders with the tools necessary to govern cyber risks, protect business assets and investments from the impact of cyber-attacks; and enhancing cyber resilience across key industry sectors such as electricity, aviation and oil & gas. We also promote mission aligned initiatives championed by our partner organizations.

The Forum is also a signatory of the Paris Call for Trust and Security in Cyberspace which aims to ensure digital peace and security which encourages signatories to protect individuals and infrastructure, to protect intellectual property, to cooperate in defense, and refrain from doing harm.

For more information, please contact us.

As you evolve the way you upskill the hybrid workforce, you need an intuitive communications platform that can keep pace. Designed for seamless and secure collaboration, the Zoom platform keeps you and your team connected so you can get more done, no matter where you are. Our solutions are built with security top of mind to help protect the crucial information shared across our platform.

For Zoom Meetings specifically, we’ve created an end-to-end encryption (E2EE) feature, which, when enabled, uses the same 256-bit AES GCM encryption that supports standard Zoom Meetings but the cryptographic keys are known only to the devices of the meeting participants.

With the right mix of training and technology supporting your workforce, hybrid is no longer a novel concept, but a sustainable reality that can support greater flexibility, efficiency, and security for your organization.

To learn more about Zoom’s approach to security and related resources, explore our Trust Center.