Train Workforce on the Dangers of Connecting to and Transmitting Enterprise Data Over Insecure Networks
Description
Train workforce members on the dangers of connecting to, and transmitting data over, insecure networks for enterprise activities. If the enterprise has remote workers, training must include guidance to ensure that all users securely configure their home network infrastructure.
Implementation Checklist
Tool Recommendations
Security awareness training platform with simulated phishing, interactive training modules, and compliance reporting
KnowBe4 · Per-user subscription
Adaptive security awareness and behavior change platform with targeted training based on real threat data
Proofpoint · Per-user subscription
Phishing simulation and security awareness platform with real-time threat intelligence and incident response
Cofense · Per-user subscription
Threats & Vulnerabilities (CIS RAM)
Threat Scenarios
Credential Interception on Public Wi-Fi
Confidentiality: A remote employee connects to an open public Wi-Fi network and accesses enterprise resources without VPN because they were never trained on the risks of insecure networks, allowing an attacker to intercept credentials.
Man-in-the-Middle Attack on Insecure Home Network
Confidentiality: An attacker compromises a remote worker's default-configured home router and performs a man-in-the-middle attack, intercepting enterprise data because the employee was never trained to secure their home network.
Evil Twin Wi-Fi Attack at Travel Location
Confidentiality: An attacker sets up a rogue access point mimicking a hotel Wi-Fi network, and a traveling employee connects to it and transmits sensitive enterprise data because they lack training on insecure network dangers.
Vulnerabilities (When Safeguard Absent)
Remote Workers Unaware of Network Security Risks
Without training on insecure network dangers, remote employees routinely connect to untrusted Wi-Fi networks, use default home router configurations, and transmit enterprise data over unencrypted connections.
No Guidance on Securing Home Network Infrastructure
Remote workers who have not received network security training operate on home networks with default passwords, outdated firmware, and no network segmentation, creating pathways for attackers.
Evidence Requirements
| Type | Evidence Item | Collection Frequency |
|---|---|---|
| Technical | Configuration screenshots or exports showing protection controls enabled | Captured quarterly |
| Document | Procedure documentation for protection measures | Reviewed annually |
| Record | Training completion records and compliance rates | Tracked continuously, reported quarterly |
| Document | Training content and curriculum documentation | Reviewed annually |
| Document | Governing policy document (current, approved, communicated) | Reviewed annually |