Remote employee Rekha felt stressed and guilty.
Following a series of spear phishing emails that impersonated the CEO, her company had sent out several intense emails noting that the security system had been compromised, that employees should avoid clicking links in emails, and that anyone who had recently used public Wi-Fi should report immediately to the InfoSec team.
Having enjoyed the flexibility of being able to work from anywhere, Rekha now felt that she was being put in time out or sent to the principal’s office. Despite her best efforts to maintain high security standards, she now felt personally responsible for the chaos and data breach that ensued.
The new work-from-anywhere and its cybersecurity impact
While back-to-office is a definite reality, the pie for hybrid and remote work continues to get bigger across industries. And no, it isn’t just the home office that’s winning. As digital isolation and anxiety remain top barriers to well-being and productivity, remote employees often seek new, positive environments… a neighborhood café… a co-working space… parental homes… or a cabin in the woods that’s a quick drive away.
The trend doesn’t just hold for remote workers or digital nomads. Even those who go to a traditional office on all or some days of the week are working well outside office hours. This may mean finishing decks late into the night from home or catching up on emails during the commute. This new work-life integration culture demands more than secure systems in the cloud.
No matter the size of your business, it’s critical to build a culture of authenticity and accountability. That means sensitizing every employee to the cost of data and privacy breaches – financial implications, trust erosion, and loss of business. The risk is huge when you consider susceptibility – companies that are breached experience as many as 4 cyber security attacks in just a year.
Top ways businesses can address growing cyber security risks
As a business leader, you need to go beyond setting up secure systems. You have to build defense strategies that assume cyber-attacks are the norm. This requires nurturing a culture of remote work security. Use the list below as a checklist to determine whether your team is on track now.
- Invest in employee awareness
- Release annual work-from-anywhere security guides
- Lean into employee challenges
- Invest in identity and access management
- Take a proactive approach to maximize security
1. Invest in employee awareness
All your employees – remote, hybrid, and in-office – need to be made aware of emerging threats on a regular basis. You might be surprised; even your most responsible employees may not be aware of the actual financial and intangible cost of cyber-attacks. This is even more true when employees are logged into systems and devices managed by your company. For instance, Rekha assumed her company was doing everything needed to keep her work system secure.
Sending out regular communication is only the first step. To make your cybersecurity program effective, align it to a future goal. Most businesses today make the classic mistake of evaluating their awareness exercises in the context of the past.
It is equally important to educate employees using case studies instead of mere statistics. Optimism bias is your top enemy, especially in the case of in-office and hybrid employees… it’s just a quick email pitstop in a café… I only need 15 minutes to wrap up this presentation before heading upstairs to the client’s office…
2. Release annual work-from-anywhere security guides
Cybersecurity awareness levels have only been growing. But the same cannot be said about employee diligence. Surprising as it sounds, employees even risk your business data and privacy intentionally. This requires you to formally and frequently communicate expected employee behavior.
As a mid-sized or small business, you might ask – “How do I put together an annual cyber security guide that does the job without costing me a fortune?” We would say don’t spend precious hours trying to get everything right.
Focus on the norms and guidelines you want to convey, and onboard vendors with the expertise to engage employees with innovative solutions. This can ensure your annual releases aren’t just a checklist exercise but move the needle on employee sensitization.
3. Lean into employee challenges
Your best ideas and intentions can fail if you don’t understand your company’s employee psyche. Conduct regular surveys and tune frequently into employee sentiment using intelligent EX management. Employees who have been victims of security breaches, personally or professionally, should be your priority respondents.
In the near future, companies that succeed at balancing employee flexibility with data security and privacy will have one thing in common – they will all put human vulnerability, rather than logical thinking, at the core of their approach.
This also demands that your guidelines allow for fluid feedback from employees. A collaborative, evolve-as-you-go approach is key to helping employees work from anywhere. Remember, your goal isn’t to discourage work-life integration, only to make it much more secure.
4. Invest in identity and access management
The buck for cyber security stops with you, even if it is your employees who are adding to the risk. As many as two-thirds of your competitors acknowledge this reality. Identity and Access Management (IAM) is a potent tool to tackle data and privacy attacks targeting remote employees.
Consider the value you can get from Identity Threat Detection and Response (ITDR) technologies in terms of both cyber security and employee experience. For instance, one senior employee may perceive Privileged Access Management (PAM) as an enabler. Another may see it as a hindrance to their privacy. Make sure you consider the mid to long-term impact of your IAM ecosystem.
5. Take a proactive approach to maximize security
The most vulnerable systems are those that lack active monitoring and pre-emptive interventions. A digital-first business environment cannot thrive without a culture that supports work-from-anywhere and work-from-any-device. This is true for all employees – office-going, hybrid, and remote.
This demands a relentless approach to data security and privacy on your end. For instance, leverage predictive AI to identify employees or identities that are at risk in real time. Build a Continuous Threat Exposure Management (CTEM) practice that aligns with your business priorities.
For instance, you may send dummy identities out there to deflect threats before a big launch. Similarly, you might choose to conduct mock drills before a long weekend to raise employee awareness.
Ensuring data security and privacy in a flexible work environment does not come easy. But when done right, it works to deliver multiple wins. This includes enhanced customer trust and business. Where should you start?
Stick to the right intention and communicate it to every employee – maximizing flexibility and safety is the only way forward. This requires everyone on the team, including your CIO, to think like the bad guy and act like a superhero. That way, they will always be two steps ahead of a potential attacker, even when working out of their favorite café, watching the rain.