2022 Jun 17:51–87. doi: 10.1016/B978-0-323-90570-1.00001-2

Table 1.

Implementing “Recommended mitigation against social engineering” to WFH users.

| Stage | Description |
|---|---|
| Stage 1 | The IT department is required to organize a short online module with quizzes and answers to teach working from home users about social engineering attacks and their potential to spread ransomware. |
| Stage 2 | All working from home users are required to complete the short modules with quizzes and answers before moving to stage 3. |
| Stage 3 | Using any online face-to-face medium, the IT department is required to personally teach working from home users about the concept of social engineering. Repeat if working from home users have not yet understood the concept of social engineering. |
| Stage 4 | Using any online face-to-face medium, the IT department must demonstrate how to respond appropriately to potential social engineering attacks. For instance, IT may explain that a user who is asked to give their username and password to a suspicious source must be able to deny the request. Repeat if working from home users have not understood how to respond appropriately to social engineering attacks. |
| Stage 5 | Using any online face-to-face medium, the IT department is required to go through all the “Best practices against social engineering” with working from home users. For instance, IT may show working from home users how to correctly install a prescribed antimalware product and how to update it regularly. Repeat if working from home users have not understood how to appropriately apply the security control measures from “Best practices against social engineering”. |
| Stage 6 | At this stage, working from home users should have a strong comprehension of the concept of social engineering, how to respond to it appropriately, and how to appropriately apply the security control measures from “Best practices against social engineering”. |
| Stage 7 | Every 6 months, the IT department must go through stage 2 with working from home users to ensure that their skills are up to date. Stages 3, 4 and 5 are optional stages that working from home users may wish to go through again to refresh their training. |
| Stage 8 | In the future, an organization may recruit new working from home users. The IT department is required to go through stages 2–7 with the new working from home users. |