Evolving demands of employees and industries throughout the pandemic has resulted in businesses across EMEA continuing to explore new ways of hybrid working, writes Quentyn Taylor, Director of Information Security at Canon for Europe, Middle East and Africa.
A universally recognised benefit of the shift to this model is that many of us can now enjoy a much healthier work/life balance, and this is just one of several positive changes we’ve seen. However, despite an increase in awareness around cybersecurity, many businesses have fallen victim to cybersecurity attacks and have struggled to adequately protect remote workers.
The impact of securing the home environment was the topic up for discussion during a recent panel session I hosted, where I was joined by three excellent guests: Dr Jessica Barker of Cygenta; Brian Honan, CEO of BH Consulting; and Jason Apel of NT-ware. This session provided some useful insights into challenges and opportunities for business leaders who are navigating the new world of hybrid working.
According to Jessica, the sudden need for a rapid digital transformation to remote or hybrid working meant that many organisations were unprepared for such a change. As such, many businesses did not necessarily have the adequate security tools in place, resulting in impacts such as a lack of remote access solutions, RDP being left exposed on the Internet, or VPNs not being patched properly. Jessica also highlighted the impact of the emergence of bad actors utilising social engineering cybersecurity attacks. For example, cybercriminals posing as individuals from Twitter’s IT department, who would then target employees in their homes and surreptitiously gain false access to information. Unfortunately, these sorts of tactics are likely to develop in the year ahead as cybercriminals continue to get smarter and expand their techniques. In fact, a Cynet report states that prior to the pandemic about 20% of cyberattacks used previously unseen malware or methods, with this figure rising to 35% during the pandemic.
In this new hybrid world where organisations are no longer working from one centrally managed office but are running their business directly out of people’s homes, it’s more important than ever for business leaders to be aware of the importance of good cybersecurity. This is key to protecting not only their business but also their employees in 2022 – so what lessons have been learned thus far, and how can businesses prepare?
Preparation is key
The first step is for organisations to start with clear communications and a remote management plan, according to Jason. Having such a plan in place will also enable businesses to contact employees if their platform of choice suffers an outage, for example. During the panel session, Brian suggested that businesses can take proactive steps to protect and secure their data, such as investing in enterprise password management systems – a suggestion echoed by Jason.
Mix up your message delivery
Firstly, organisations should ensure their communications and guidance are tailored and relevant to the audience – that is, their employees. One of the key points discussed during the session was the importance of giving short, sharp security briefings to employees, as well as focusing on outcomes and actions as opposed to policies. This is helpful for securing and maintaining interest, and such briefings can be provided in more innovative and exciting ways than “death-by-PowerPoint”.
Businesses should also consider the use of innovative training methods in the year ahead, which have been proven to be highly effective. The simple utilisation of things like bite-size videos – for example, an educational video on how to spot a phishing email “informing” the reader of a parcel delivery cost – is often well-received. Businesses can also tap into immersive experiences, such as virtual escape rooms, breakout rooms with challenges, and even quizzes or crosswords. They can even take it a step further by providing prizes to encourage teamwork and engagement – after all, who doesn’t like to be rewarded for their hard work?
Create cyber security champions
It’s no secret that IT and InfoSec teams can be hard to get hold of, and often employees will feel removed from this area of the business. By nominating cybersecurity champions within the business – that is, a number of trusted, go-to people to act as the voice and ears of cybersecurity – employees can feel confident in who to go to when they want to ask questions.
This is also beneficial from a business perspective too, as layering security through a champion network is a great method for businesses to scale up their cybersecurity messaging and encourage openness.
Reward, don’t punish
It’s important for organisations to encourage and celebrate good cybersecurity practices rather than punishing people for errors. You will never motivate your employees to pay attention to cybersecurity if an atmosphere of fear is created around the topic – in fact, it’s more likely that they’ll switch off from it altogether!
The human side of cyber
The pandemic has resulted in many businesses realising they are fundamentally at a business disadvantage. The rapid shift to hybrid working gave many organisations the boost they needed to strengthen their overall position in the cybersecurity landscape. The topic is more of a business priority than ever before and is now being taken far more seriously at board level – but this momentum must be continued and should trickle down to educating employees.
Employees need to also understand why they should care about cybersecurity. Ultimately, it’s about more than trying to protect a device or connection – as observed by Jason, it even boils down to protecting an employee’s identity and the business that provides them with an income. Jessica advises that by focusing on the human side of cybersecurity, businesses can ensure that their messaging grabs the attention of their workers and resonates with them on a personal level.
This will be the all-important key to encouraging a positive mindset and attitude to cybersecurity in the year ahead, enabling organisations to feel confident that their business and employees are aligned and that any issues can be tackled together.
