The COVID-19 pandemic has forever changed how companies and employees view working from home. It is estimated that 25-30% of the workforce will be working from home multiple days a week by the end of 2021. In the rush to set up remote work environments, it's possible organizations and workers overlooked cybersecurity best practices. To help bridge this knowledge gap, PCI SSC has created a low-cost 45-minute training to educate organizations and remote workers on the basics of working from home in a secure manner. We talk with Travis Powell, Director of Training Programs, to learn more about this new training and the importance of prioritizing security in the remote workforce.
What are the biggest security challenges facing organizations with remote workers?
Travis Powell: Some of the biggest challenges facing organizations with remote workers include threats related to connections coming into corporate networks, such as through public networks or wireless access points, as well as risks related to employee use with personal devices or company equipment that may not be as easily maintained or configured from a remote location. Many of these new devices were put in place as part of the quick adjustment to COVID-19 and people shifting to their new work from home offices and may or may not have been properly configured or maintained in a secure manner.
Can you outline some of the best practices covered in the new training?
Travis Powell: Many of the best practices covered in training include leveraging VPN connections or personally-managed network connections when connecting to any corporate networks, disabling and/or changing default accounts and passwords on home networking equipment, and not installing or using unapproved hardware or software based on your organization’s information security policy. Additionally, users should be very careful with any suspicious-looking emails containing hyperlinks, attachments or requests for information and reach out to their security team if ever in doubt or if they feel they may have fallen victim to one of these attack methods.
Can you tell me more about who should attend this training and how the training is set up?
Travis Powell: This training has been designed for all employees, regardless of technical experience. The 45-minute training has been set up as an engaging, self-guided, computer-based training, with content-related knowledge checks throughout the training. We designed the training in such a way that no previous knowledge of the PCI Data Security Standard (PCI DSS) is required. In fact, no in-depth knowledge of cyber security is required. We wanted to ensure this training provides basic security awareness and practices to the broader community.
The Council placed the price point low to enable as many organizations, no matter the size, reasonable access to this training:
- $35 USD/per person for 1-99 employees
- $25 USD/per person for 100+ employees
- Customizable options for organizations seeking to train 500+ employees
Below is a 30-second snapshot of the training:
What if I am comfortable with security basics, but I want to learn more about PCI DSS and payment data security specifically?
Travis Powell: PCI SSC offers a wide variety of training programs to meet the needs of a range of professionals in the payment security industry. Some of our entry-level trainings are included below:
- Payment Card Industry (PCI) Awareness training is for anyone interested in learning more about PCI – especially people working for organizations that must comply with PCI Data Security Standard (PCI DSS).
- The Payment Card Industry Professional (PCIP) is an individual, entry-level certification in payment security information and provides you with the tools to help your organization build a secure payment environment.
Learn more about all of PCI SSC’s training offerings here: PCI SSC Training and Qualification