Finally, after several months of darkness and uncertainty, there’s a light on the horizon. The vaccine is slowly but surely making its rounds and, with any luck, most of the U.S. population will be vaccinated by the end of summer.
Everyone is celebrating the prospect of a (hopefully) imminent return to normal activities — but what about a return to in-office work?
Experts say, “not so fast.” Even with the virus under control, it’s unlikely employees will be returning to workplaces in droves and settling back into their five-day-a-week office routines. After all, companies have spent lots of money making remote work possible, and employees have grown accustomed to their flexible, commute-less workstyles.
There’s no doubt remote work is here to stay, at least part of the time, but what about all those security headaches you’ve been juggling since March of 2020?
Today, we’re delivering into how you can bolster remote work security and lighten your security team’s burden:
Put the Responsibility in Your Employees’ Hands
I know what you’re thinking — if you leave security up to your workforce, you’ll be up to your eyeballs in ransomware by lunchtime. As a security leader, you see users make all kinds of rookie mistakes — like clicking links in obviously bogus emails, using their company-issued laptop for less-than-appropriate personal activities, or setting passwords a kindergartner could guess. And why would you loosen the reins when people are working remotely and even further out of the realm of control?
Because they’re adults.
Your company’s workforce is perfectly capable of managing their own online behaviors and cleaning up their own messes. (And if they’re not, you might want to re-evaluate your hiring decisions.) Just as with any other company policy, they should be expected to follow the rules and recognize there are consequences when they don’t.
By taking the time to teach them good habits through a security awareness program and holding them accountable for following your remote work security protocols, you’ll save yourself and your security team a lot of time. Sure, there will be a learning curve, but it’s much better to encourage employees to learn from and fix their mistakes rather than having you constantly intervening on their behalf.
So, where do you start?
- How to set better passwords, and how often to change them
- How to spot and report potential phishing and social engineering
- Why security updates are essential, and how to do them
- How to enable security features on personal devices
- What constitutes risky behavior on the web, and what types of websites are most dangerous
- Why you shouldn’t reuse corporate login credentials for personal accounts
- Who to contact for approval when you want to download unauthorized software
- Different types of common threats and how they can hurt the organization
Then, be sure to leverage a threat intelligence service to support your culture of security by identifying who is doing the best, and who is putting you at the highest risk (and may need additional coaching).
Don’t Just Focus on Systems — Protect People, Too
Many organizations focus on protecting their data assets and company systems from cybercrime threats — which is critical to boosting remote work security. But remember: your employees can be your best defense or weakest security link, which extends to what happens in their personal lives.
For example, suppose a major retailer is breached, and one of your employee’s information was among the compromised records. Suppose cybercriminals not only accessed the employee’s bank account but also gained access to their social security number, passwords, and other sensitive information. Or, suppose one of your executives was the victim of a social engineering attack targeting their entire family.
Once a cybercriminal has access to this sensitive data, they can easily use it to hack into your network, putting your entire organization at risk.
Even if your employees are well-educated on remote work security, there’s no 100% effective method for preventing a hack or breach — and anything that happens to your employees’ personal information could easily extend to your company.
In addition to giving employees the training they need to protect themselves on and off the clock, it’s also worth considering adding identity theft protection to your employee benefits package.
As a security leader, you know threats are only likely to grow this year — and remote work has unleashed a host of new challenges over the past several months. But, by empowering your workforce to help maintains cybersecurity and extending protections to their personal life, you can significantly mitigate risks while making life a little easier for your fellow security pros.