How to foster a safe and secure cybersecurity culture

Ali Neil - Verizon Business

Over the past 18 months, global working culture has changed, indefinitely and irreversibly. The pandemic tipped the traditional office environment paradigm on its head overnight, both encouraging those already exploring remote working to fast-track wider application, while also forcing reticent organisations into adoption purely to keep the lights on.

Encouragingly, many of those reluctant brands have since woken up to the numerous and widespread benefits of a remote – or at least hybrid – workforce. Employee agility, flexibility, and autonomy have all contributed to productivity spikes and improved mental wellbeing. In fact, many employers predict their remote workforce will double when travel and societal restrictions are eventually lifted.

However, it’s not all been plain sailing. Equipping employees with the right tools to work efficiently, keeping them engaged from a work and mental health perspective, and ensuring they’re working safely and securely – all represented huge challenges for HR and IT teams to tackle.

The latter, especially, has proven a tough nut to crack. Indeed, according to UK Government data, four in 10 businesses suffered a data attack or breach during the past 12 months, while our own 2021 Data Breach Investigations Report revealed that the human element accounted for 85% of breaches.

Clearly there’s a security issue associated with remote working, and however unwittingly, employees are putting their companies at risk. So, what can HR do to enable, equip, and empower their people to embrace the benefits of remote working, while at the same time safeguarding their employer?

Four recommendations to encourage secure remote working

1) Reduce risky behaviour
This one may sound obvious, but fostering a culture of responsibility and accountability across the entire business represents the key building block for teams looking to establish safer working practice. Recommendations include:

  • A clear and robust remote working policy: Most teams will have been working meticulously on these over the past couple of years, but the policy itself is only half the job. Letting employees know about its existence isn’t enough; they must know it back to front, and understand its application in a practical context. Consider regular training sessions that engage the employee with use cases and danger scenarios, to ensure they aren’t merely glancing over it as a box-ticking exercise. Remember that employees are the first line of defence against cyberattacks on a business.
  • Create a culture of trust, not fear: Employee accountability and responsibility are one thing, but HR teams must be careful not to create a culture of fear. The serious ramifications of security breaches must be communicated, yes, but this must not evolve into a blame culture, where the employee is either constantly living in fear, or is too scared to report suspicious activity for fear of reprisals. Educate employees on the routine signs of common attack types and make it as easy as humanly possible for employees to flag suspicious activity.

2) Manage your apps
Wholesale remote working brought with it an influx of apps and pieces of software promising to solve all your business needs. From online video tools to workflow management systems, and employee engagement apps to virtual onboarding platforms, employers have a wealth of app options to choose from, and it’s usually down to HR to roll them out. In fact, according to our Mobile Security Index 2021, three-quarters of businesses said their reliance on cloud-based apps is growing. Recommendations for increased app security include:

  • Select apps only: Ensure your employees are exclusively using apps that have been approved and verified by the company. It can be easy to switch apps when chatting with clients, or take a conversation to WhatsApp while talking shop, but employees must ensure they’re using the right apps for the right tasks.
  • Update, update, update: Cybercriminals evolve fast, and therefore apps must do too. Make sure your employees aren’t putting off applying the latest patches across all their apps. Also, make sure they’re updating apps across their devices – for example, if Microsoft Teams hasn’t been updated on their mobile, it makes their laptop update completely pointless.

3) Protect your devices
The overnight transition to remote working meant many employees had to quickly come to grips with new devices, such as mobile. This, coupled with the fact that 40% of businesses see mobile devices as their biggest security risk, highlights the importance of robust device security. Recommendations include:

  • Public device safety: As society returns to a semblance of normality, many employees will be keen to get out of their homes and work in public places, such as cafes or restaurants. Ensure that employees understand the risks of leaving any work device unattended, as well as connecting to public networks.
  • Lost or stolen process: If a device is lost or stolen, make sure employees know how to report it and to whom. A quick flag can make a huge difference between criminals getting their hands on valuable data or not. Consider using mobile device management (MDM) software to remotely lock access to any stolen or misplaced device. MDM software can also remotely erase data or retrieve back-up data from a missing device.

4) Be smart about networks
Overnight, most companies lost the reassuring presence of a physical IT team and an on-site secure network. Home Wi-Fi just doesn’t possess the same level of security features as business networks. Recommendations include:

  • Consider VPNs: Virtual Private Networks (VPNs) provide employees with a safe and secure route to working remotely. Ensure any VPNs are regularly patched, and make sure employees are educated on how to best use them, and in which scenarios they work effectively.
  • Bolster home Wi-Fi: Even if employees use a VPN while working, they must also be made aware of the dangers of all other devices that are connected to their home network. All it takes is one connected device (such as a boiler or doorbell) to be breached, and attackers can spread their net to snag work-related data.

Remote working is here to stay
Despite the uncertainty and widespread disruption caused by the global COVID-19 pandemic, one thing is for certain – many of us will never return to the five-day office culture. While this is an exciting proposition for employees and businesses alike – with wellbeing and productivity benefits galore – it’s crucial that we don’t lose sight of the inherent challenges of managing a remote workforce.

The security industry has long been urging businesses to stop treating it as an afterthought, and the pandemic has lent even more credence to this call to arms. Cybersecurity must be embedded deeply into the culture of an organisation, and HR has a critical role to play in this dissemination, especially when it comes to the new hybrid working model that will dominate much of the world in the years to come.
