Cybercriminals are attacking company security defense systems from every direction, and they do it with an evolving ingenuity that frequently upstages our best efforts. Once they penetrate the first level in the network, there’s no knowing the routes their malware can take and the damage it can cause. Businesses in general, as defenders, are constantly on the back foot, reactive instead of proactive. It’s not a matter of if there’s a technology breach coming down the pipeline, but when.
So, this brings us to a crucial question: Are you ready to counteract the enemy and deflect the fireballs they throw at you? Or are you sitting tight, hoping for the best? The latter won’t carry much weight if your systems are down, the staff is sitting idle, and revenue is draining away…
Businesses must be one step ahead of hackers
If ever the term “teamwork” entered the conversation, it’s a headline in the cybersecurity challenge. Management can’t do it on their own. Company asset and data protection should be imprinted in everyone’s job description, implicitly or explicitly. The advice for 2022 is to make cybersecurity the responsibility of every person in the operation on some level:
- Out of sight, out of mind is a fact of life but poison when it comes to keeping hackers at bay.
- Create awareness through training and ongoing communications with every individual involved in the business.
- Pinpoint the vulnerabilities, simultaneously instilling in the staff how they are the best cybercrime defenders individually and together.
The cybersecurity arena is not an employee experience (EX) outlier or something you must force into HR planning. That’s because staff participation in strategic decisions and feeling part of a developing picture are primary motivators. Also, recognizing significant contributions to the company’s operational improvement consolidates employee retention. What better way to inject these qualities into the employee journey than on the cybersecurity platform? Indeed, there’s a dual benefit there for the taking:
- More motivated, committed staff on the one hand.
- Tighter cybersecurity prevention, on the other hand.
Need another big reason to draw employees into the cybersecurity solution?
In two words, that reason is “remote work.” Think of it this way: Before COVID-19, a huge percentage of employees worked inside a physical office location. Company devices, mostly desktops, stayed in one place, with many organizations also restricting laptop removal from the premises. Finally, password protocols and data access attained enterprise-level control with an in-house IT department focused only on corporate locations. All of a sudden, that changed.
- Remote working became the in-thing, and even after the pandemic threats faded, employees were reluctant to let it go.
- Corporate devices spread far and wide, operating under home-grade Wi-Fi and password filters.
- Data contained on office-centric computers were all over the show, sometimes transferred to employee-owned devices.
- Employees working from home often wandered off for a few hours to work out of a Starbucks or another location with public Wi-Fi.
The ideal: What should have been done
As soon as remote working emerged, the IT department’s responsibility was to ensure that the stringent protocols practiced previously transitioned into every home office. It meant getting every remote worker – many technologically challenged – to cooperate. In addition, understanding the potential dangers of opening devices in public Wi-Fi environments was imperative. And, then, how do you protect data if the employee resigns with it sitting on a home computer (even if company-owned)?
IT needed to nail all this down by creating awareness, on-the-job training, and establishing policy. However, without the willingness and co-operation of every staff member, the task is nigh impossible.
The reality: What was done
A London School of Economics paper by four authorities in the field confirms that the sudden shift to remote working has severely fractured cybersecurity protection frameworks. It goes on to say that this has resulted in thousands of improvisations and incidents never previously contemplated under traditional work conditions. For example, it cites the case of a top-level executive’s teenage daughter. She intermittently used her father’s corporate device to surf the web. She ended up taking a free IQ test offered by an advertisement. Risks, anyone?
Hackers and cybercriminals know that corporate controls haven’t kept pace with the changeover. Data moves around in virtual space, ping-ponging from one private residence to another. The firewalls that formed solid defenses are frequently impotent, and home passwords are sitting ducks for sophisticated cyber-gurus to crack. Companies are playing catch-up but failing miserably. The best solutions must involve the employees by motivating them to accelerate the cybersecurity processes.
The giant email loophole
Verizon’s latest Data Breach Investigations Report revealed that phishing and pretexting accounted for 93% of all social breaches surveyed. Moreover, emailing activity was hackers’ number one attack tactic by a long way (96%).
The internet is an integral part of our lives; receiving and sending emails are everyday events. In business, it’s an indispensable communication channel. Believe Verizon when the company says that the best way to infiltrate a system and embed malware is via messages to staff email accounts. The cybercriminals know it all too well. Therefore, they go to extra lengths to construct legitimate-looking (but bogus) communications from government agencies, customers, and suppliers – sources most of us trust. And who lets them through the door? Unwary, ignorant, or uninterested employees. Once someone opens an email and clicks a link, the cyber damage is in the works and infiltrating away.
EX should unquestionably include training in email protocols and how to counteract malicious messages. Indeed, an alert employee’s astute detection of contaminated material should receive board recognition and possibly reward. That’s how critical it is to the bottom line. The latter policy will incentivize everyone in the company to climb on the bandwagon, joining the fight against cybercrime.
Ransomware attacks and their EX impact
A ransomware attack is one of the very worst things that can happen to any business.
- The hackers encrypt all the stored data to the point that everything comes to a standstill.
- Nobody can get into meaningful files, find communication details, or look into customer information.
- Everything is frozen in time until management pays a ransom.
- The ripple effects are far worse because it neutralizes and demotivates your staff.
- Without their devices generating data, they’re as good as being on leave.
- Anyone in a company facing this dilemma will quickly lose enthusiasm.
Best advice? Prepare for the worst and hope for the best. Comprehensive backup strategies attached to cloud storage are the ultimate in ransomware prevention. Again, ransomware creeps into the system, probably due to an email glitch. It all circles back to making cybersecurity part of the employee journey, from onboarding onward through the entire lifecycle. It also helps to inform employees of the expectations on termination and resignation. For those accessing sensitive data, non-disclosure agreements should enter the discussion when finalizing employment contracts. The more transparency you can create, the less fallout if things go wrong.
The takeaway is that you can’t separate EX from the cybersecurity challenge. The two are joined at the hip. It calls for a crucial shift in management thinking, where previously, they regarded digital protection as the exclusive domain of IT. The latter cannot meet the demands of change going into 2022 unless everyone in the business is onside and ready to play their part. Sogolytics is at the cutting edge of these initiatives. Contact Sogolytics if you need assistance with any part of your EX or customer experience planning.