Enterprise cybersecurity technology research that connects the dots.

Enterprise Security Around the Dinner Table

Enterprise cybersecurity awareness training has evolved to include informal lessons for employees' family members, and it has many benefits.

Dinner table with food
Source: <a href="https://pixabay.com/users/stocksnap-894430/?utm_source=link-attribution&amp;utm_medium=referral&amp;utm_campaign=image&amp;utm_content=2602707">StockSnap</a> from <a href="https://pixabay.com/?utm_source=link-attribution&amp;utm_medium=referral&amp;utm_campaign=image&amp;utm_content=2602707">Pixabay</a>

When I’ve talked to cybersecurity awareness training vendors about changes brought on by the pandemic — and further changes brought on by its reduction and end — I've been surprised by how few changes they've discussed.

One change, though, has been talked about by many of the players in the market, and it's one that I didn't anticipate: There's been a change in who they've been asked to train.

As employees flowed out of offices and into work-from-home (WFH) situations, cybersecurity professionals quickly realized that home networks and everyone who used them were suddenly part of the corporate infrastructure. If little Johnny visits the wrong website or grandma clicks on a phishing email, the ramifications could not only harm the household but also the companies of those WFH users.

Different organizations tried different ways to keep the ongoing WFH security risk from becoming a massive security disaster, and many of those ways involved training the employees' family members to be more responsible, security-aware computer users.

For vendors providing cybersecurity awareness training, this new training tended to require teaching those who might not have had previous awareness training the basics of phishing behaviors, malicious links on websites, ransomware, and even mobile threats like smishing and vishing. Omdia's research on how these efforts have affected enterprise security is ongoing, but we have not seen massive increases in corporate security failures over the last two years, so they certainly couldn't have hurt.

What Are the Benefits of Cybersecurity Awareness Training?

Beyond the benign impact, there are important long-term benefits to cybersecurity awareness training that extend to employees' family members. The benefits fall, broadly, into short-term and long-term groups.

In the short term, it's unlikely that businesses are going to go back to the simple "everyone comes to the office everyday" model that existed three years ago. More employees will be doing more work at home, at least some of the time, so the home network must now be considered part of the enterprise infrastructure from a cybersecurity standpoint.

While some organizations are installing company-controlled home routers and firewalls on employee networks, those devices aren't magic bullets; there are plenty of cybersecurity threats they won't stop. The users who share physical (and network) space with the employee can have an impact on enterprise security, so those users should receive at least some cybersecurity awareness training.

Once trained, family members will not only be less likely to fall victim to cyberattacks, but they can also become valuable early warning sensors for malicious campaigns. In addition, family members might well become important behavior-reinforcing agents for good cybersecurity hygiene for the employee. Every parent knows that there's often nothing that a little child treasures more than the opportunity to point out poor behavior on the parent's part.

Over the long term, it is unquestionably true that no organization lives as a cybersecurity island. Each is part of a global community of email, messaging, and Internet users. Making the community safer overall makes the individual organization safer by association. As the cyber hygiene of the total community improves, the risk posture of the individual organization cannot help but improve.

In addition, the family members of today are the potential employees of tomorrow. Imagine how much more effective your cybersecurity awareness training could be if employees came to the table with a better baseline understanding of risks and responses.

It is true that there is no guideline or regulation that states a company's cybersecurity program must include teaching good cyber hygiene to employees' family members. However, in the shifting business understanding of 2022, teaching those family members about cybersecurity could be an investment that pays off for years to come.

About the Author

Curtis Franklin, Principal Analyst, Omdia

Curtis Franklin Jr. is Principal Analyst at Omdia, focusing on enterprise security management. Previously, he was senior editor of Dark Reading, editor of Light Reading's Security Now, and executive editor, technology, at InformationWeek, where he was also executive producer of InformationWeek's online radio and podcast episodes

Curtis has been writing about technologies and products in computing and networking since the early 1980s. He has been on staff and contributed to technology-industry publications including BYTE, ComputerWorld, CEO, Enterprise Efficiency, ChannelWeb, Network Computing, InfoWorld, PCWorld, Dark Reading, and ITWorld.com on subjects ranging from mobile enterprise computing to enterprise security and wireless networking.

Curtis is the author of thousands of articles, the co-author of five books, and has been a frequent speaker at computer and networking industry conferences across North America and Europe. His most recent books, Cloud Computing: Technologies and Strategies of the Ubiquitous Data Center, and Securing the Cloud: Security Strategies for the Ubiquitous Data Center, with co-author Brian Chee, are published by Taylor and Francis.

When he's not writing, Curtis is a painter, photographer, cook, and multi-instrumentalist musician. He is active in running, amateur radio (KG4GWA), the MakerFX maker space in Orlando, FL, and is a certified Florida Master Naturalist.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like


More Insights