Organizations face a number of difficulties regarding patch management of endpoint devices, especially as employees use their own devices from home during the pandemic.

While there are some employees who possess knowledge rivaling IT workers, Don Cox, former chief information security officer at Mednax, estimated about 60% don’t know the ins and outs of technology. It’s that population in an organization that needs to be targeted in training to ensure a company's security posture does not suffer.

“Today, you have the challenge of people not wanting to learn more about the device they’re using,” he said. “Same thing with a car: you get in the car and drive it — you don’t know the safety features.”

Cox, who spoke with Deputy Editor Bradely Barth during an on-demand virtual event for CyberRisk Alliance, said that even with training, another risk comes from not knowing who else in a household is using the device. “Now you open up your organization to risk, to malware — viruses.”

Click here for access to CyberRisk Alliance’s eSummit “New methods for protecting front-line devices” virtual event on demand.

There are a number of things security teams can do to encourage good security, said Cox, such as sending newsletters offering tips, making a company-wide announcement of security campaigns, and even gamification.