When you’re looking at cybersecurity from a company perspective, responsibility usually falls under the purview of the Chief Information Officer (CIO). However, millions of SMBs throughout the USA depend on their general staff to handle multiple tasks, cybersecurity challenges included.
The idea that enterprise-scale specialists can solve everyone’s hacker problems is unrealistic. For one thing, not every business has a CIO, and for another, even in businesses where the CIO plays a pivotal role, is it fair to shift 100% of the responsibility onto their shoulders?
Let’s explore why there’s so much more to cybersecurity (and its challenges) today than ever before.
Remote Working
Corporations have latched on to the remote work revelation that changed the lifestyles of millions. Office workers in every industry have shifted seamlessly into being just as effective from home offices. From the employee viewpoint, this means freedom and flexibility. However, it’s a hot mess from a cybersecurity viewpoint, having turned everything upside down.
Security barriers installed by IT departments in the company office may have effectively deflected hacker attacks. But how does that matter now that cyber-criminals know all they have to do is breach home internet/Wi-Fi protections? The latter, by comparison, are amateurish at best!
In fact, the study above adds plenty of points to a growing list of reasons why remote working has become a significant cybersecurity challenge:
- Devices that were previously contained within secure company premises (like laptops and desktop computers) are now in employees’ homes.
- More than 50% of home office devices deployed for company business are staff-owned.
- Internet communications, online access to documents, team interactions – previously centrally controlled – are now spread far and wide.
- 71% of security leaders have no insight into the home office networks or adherence to security protocols.
- Many employees using mobile devices for company tasks tend to work from Starbucks and other similar locations that have no Wi-Fi firewalls.
The challenges above only touch the surface. Home cybersecurity protections, in general, can never pass a professional CIO’s standards. For example – the following are three of numerous items that let bad actors into a company’s data banks:
- Fractured password protocols
- Failure to track document flow and access
- Opening malware-laden emails (even inadvertently)
Indeed, the CIO’s job description has expanded dramatically on the remote working front.
Nonetheless, without cooperation from the relocated staff, hacker defense programs will be a disappointing failure. Even though they are relatively unsophisticated compared with dedicated IT experts, employees must be willing and ready to strengthen digital and internet protections around the house. That probably means climbing a new learning curve that adds responsibilities to existing job descriptions. In short, there’s no escaping the need for cohesive teamwork involving everyone.
Cybersecurity, aside from the remote work challenges
Early in 2020, around the first appearance of the pandemic, another viral event hit the country – cyberattacks. It created panic as ransomware mongers brought mega-corporations to their knees.
Indeed, 88% of company boards of directors raised cyber breaches as a high-priority concern and acknowledged that the CIO alone could not counteract them. Moreover, this level of concern was up by over 50% versus five years ago – a flashing alert if ever there was one.
Even so, things are not moving fast enough – not by a long shot. Rebalancing cybersecurity responsibilities and bringing employees across the board into the arena isn’t evident in most businesses. Indeed, stakeholders and business leaders involved in strategy development haven’t taken the time to understand cyber threats fully.
- For example, our most valuable asset – proprietary data – is under the constant shadow of cloud insecurity.
- Cyber-criminals understand that and are relentless in their attacks to steal our records and files, especially when it involves millions of consumers’ ID information.
- Yet, C-suite decisions stream through to the lower levels, mostly without considering how these impact the protection of company assets. The agreement to remote working as a mainstream option (noted above) is a case in point.
As a first step, it’s vital to appreciate that cybersecurity is bigger than one executive and more extensive than an entire IT department.
Instead, it’s a shared responsibility that every staff member working around sensitive information and communications should accept. In doing so, here are some things businesses need to keep in mind:
- Every business, massive or only employing a few people, must establish a cybersecurity policy that everyone involved can wrap their minds around.
- Move quickly to put controls around Zoom conferencing, data storage, and access to cloud archives.
- Ensure the strict implementation of password protocols without exception, and encourage employees to learn more about digital safeguards – a protocol that needs to extend to employees across the board, no matter their location.
- Break things down into short-term and long-term priorities to inject perspective into our thinking.
Here are some of the pivotal questions driving cybersecurity solutions forward
Companies must answer the following questions honestly, with forethought, and move heaven and earth to come up with answers that put them to bed:
Question #1: Are businesses making risk-informed decisions taking security implications into account?
I daresay that the honest response is a resounding “no” for many decision categories. So, do we hold off on the new moves or take the risk if the safeguards are imperfect? Knowing the entrepreneurial spirit, I’d guess that initiatives go ahead irrespective of the cyber consequences. And this is a significant factor playing into why we are where we are.
So, a constructive approach would be to:
- Begin with personnel professionally employed in the cybersecurity arena.
- Then integrate other staff members relevant to the situation.
- And use the combined contribution to derive a cyber-protection solution that makes sense.
Question #2: Have we done an audit of our security preparedness and evaluated every item in the plan to protect our digital assets?
Again, the starting point here is the CIO and their teams. They need to provide a transparent picture of the entire security landscape, pinpointing the gaps and highlighting the strengths.
Moreover, a report signifying where employees should integrate into the process – when, why, and how – will get the ball rolling quicker. However, a move like this requires earmarking cybersecurity as a fundamental and crucial project so that everyone takes it seriously.
Expect CIOs to point to the critical metrics behind their observations and recommendations when taking this program in hand. Without data supporting changes, it will only lead to heated debate and probably disagreement at the board level!
Question #3: How do we assess and implement security program alterations?
You will need input from every department: marketing, sales, production, legal, accounting – you name it! These divisions, through specialization, see the world differently and have a broad range of interpretations as a result. Still, their feedback is invaluable for strategic directives that cover all critical options, thus impacting the course of events for years to come.
Conclusion
It makes sense to initiate a policy that requires shared responsibility for cybersecurity moves. It underlines that there’s no avoiding an all-embracing theme of combating cyber-criminality together. The emerging vision is as clear as day when one adds in remote working as a viable employment option. The best way of tackling this sometimes overwhelming challenge (shoved at us every time there’s a cyberattack) is as follows:
- Allow the staff to contribute to policy, with the proviso that it affects all parties once implemented.
- Outline the drawbacks and benefits, and never forget to attach the costs. The more awareness is created, the better it is for accepting responsibility.
- Don’t underestimate the value of an engaging employee experience (EX). Our staff appreciates the invitation to contribute. It motivates them even more if they see their suggestions coming to fruition. If you openly recognize genuinely innovative concepts, it will undoubtedly boost your company’s employee loyalty rating.
The bottom line is that spreading the cybersecurity responsibility across the business divisions can pay massive dividends. There’s a double-whammy benefit in that it resolves an urgent strategic obstacle facing every business in 2022 and simultaneously builds staff motivation.
In other words, management should appreciate that these initiatives offset employee churn. It requires a team effort to integrate new norms into the corporate culture. Sogolytics can help you better understand the voice of your employees, hear their feedback and perspective, and follow up to ensure that every employee feels heard. This is especially critical when it comes to understanding how remote working impacts cybersecurity, empowering your business to prioritize and address key concerns!