Edinburgh Napier University

  Cyber security threats, including risks to remote workers, are varied and diverse, with the number of scams and business email compromise breaches increasing. Firms and their staff are experiencing mass phishing attacks, several typical precursors to more sinister attacks like cyber-enabled fraud, ransomware, and denial of service (DDoS) attacks. Threat actors are leveraging new technologies such as machine learning and artificial intelligence (AI) to deliver sophisticated scam and phishing messages that are challenging for users to identify as malicious. Several businesses are increasing technical efforts in critical areas, including network hardening, robust patching, anti-malware, ransomware detection applications, and multi-factor authentication to detect, prevent, and recover from potential threats. Despite that, these measures provide only a partial solution if the users who access the systems do not have good security awareness training. In this study, we review some cyber risks related to remote working and detail how they can be remediated through regular security awareness education campaigns (SAECs). The study presents the results of a proof of concept (PoC) experiment conducted to establish the value of regular SAECs in the fight against scams and phishing attacks against remote workers. The pilot results confirm that securing the remote office requires a robust SAEC. It argues that to be successful and help staff protect business systems and data, SAECs must be regular and varied, providing opportunities for staff to understand what to look for in suspicious scams and phishing emails. Moreover, they must provide opportunities for staff to practice their knowledge and understanding through practical exercises such as spam and phishing simulation exercises, which could help users avoid falling victim to spam and phishing emails.