Chris Hodson, CISO of cyber security product firm Tanium, offers three ways to keep your remote workers cyber-safe and secure.
Now that many organizations have met the technical challenges of working remotely, the biggest challenges are around cybersecurity and people. Unless these issues are managed better, and soon, many could suffer significant cybersecurity risks.
Why? Because remote employees are under pressure to keep their productivity high, and they’re working longer and longer hours. Yet at home, life continues to go on around them. Children need help with remote learning. Spouses and roommates need space for their own work. Pets clamour for attention and care. This is precisely when cyber-security standards can start to slip.
Further, with so many people now working from home, they’re no longer getting in-office reminders about their organizations’ cyber-security best practices. Also, many remote workers are using their personal devices, some of which their IT departments may not even know about, let alone have authorised.
Given these dramatic changes, how can your IT team continue to instill a culture of cybersecurity and promote best practices that can keep your entire organization safer? Here are three powerful ways:
> Make them smarter: Cybersecurity training and education is not optional; it’s essential. And given a highly distributed working environment, it’s more important than ever. Without training, how else will your employees become aware of their vulnerabilities to cyberattacks? And how else will they learn about the malicious techniques used by bad actors to exploit your organization’s security weak points?
Of course, with most live meetings cancelled, cybersecurity education today needs to be conducted via either videoconferencing or computer-based training courses. But this still needs to be done on a companywide basis. All remote devices, no matter which departments or functions they’re used by, are now part of the new risk profile.
Also, with most workers now off-site, organizations need new ways to remind their employees to follow their cybersecurity best practices. That might include delivering best-practices training in regular yet brief “bite-sized” sessions.
> Lower BYOD’s impact: The policy of “bring your own device” may have given many remote employees a great deal of new flexibility, but for IT departments, BYOD is one tough security challenge.
BYOD can become a problem when an organization lacks visibility into its many remote computing assets. Another risk factor comes about when the CISO is unable to remotely wipe data in the event of an incident, such as a BYOD device being misplaced or stolen. Other issues can center on identity and access management (IAM), patching and updating remote devices, and ensuring the data integrity of sensitive information.
Yet another related issue is so-called shadow IT — that is, IT systems and software purchased without the IT department’s authorization or sometimes even knowledge. To reduce this threat, employees must be told that “shadow” devices can create serious cyber risks. Then, even if a device was acquired without the IT department’s authorization, employees need to tell IT about it. Only with this information can the IT group ensure that all the organization’s devices are up to date, as secure as possible, and adhering to the organization’s current IAM policies.
> Keep up the cyber pressure: After the pandemic hit in early 2020, business leaders worldwide did an admirable job of rapidly shifting their employees to remote work, often accompanied by only limited disruptions or downtime. Impressive as this was, now is not the time to ease up on the security protocols that have served us so well. On the contrary, now is precisely the time to keep your security foot firmly on the gas.
This pressure should include clear, consistent and regular communications with your remote workers. They need to understand all the security risks of working from home, the need to protect personal edge devices, and how to protect both themselves and the organization from the latest threat tactics.
Adopt these three tactics, and you’ll be taking big steps toward keeping your remote workers, and your organization, cyber safe and sound.
About the author:
Chris Hodson is the Global CISO at Tanium. He has an SME background in strategy, architecture and design. He has 18 years’ professional experience across the financial, retail, energy and media industry sectors. In early 2016, Chris made the move from end-user into the vendor space with Zscaler, where he operated as CISO, EMEA and Data Protection Officer. As a CISO, Chris is an advisor to executives, board members and others, helping them define strategies for managing risk and improving business outcomes. Chris holds an MSc in Cyber Security from Royal Holloway, University of London; and retains an active role in the info-security industry through directorship of the chartered institute, the IISP and membership of CompTIA’s Cyber Security Committee.