With more employees working from home than ever, companies must be vigilant to protect themselves from evolving cybersecurity threats. Your cybersecurity team has likely been hard at work maintaining privacy and safeguarding the enterprise, even as shifts in the workforce present new challenges. But as most cyber professionals know, a major hurdle in risk management is making sure the entire organization values security and is doing all it can to protect the company’s reputation and assets.
The key to communicating the importance of cybersecurity within a company is to use the established means of communication. Work with the point person for internal communications to emphasize the importance of cybersecurity awareness and encourage compliance through regular reminders. Determine together the best means to disseminate and consume this information company-wide, whether it’s through an e-newsletter each week or a special awareness campaign.
These regular cybersecurity updates should cover the company’s security practices, which can include:
All companies want to protect themselves from cybersecurity threats and data breaches. Communicating the importance of maintaining security practices will go a long way in creating a security-focused culture.
Phishing continues to be the top entry point of data breach and compromise. The Verizon 2019 Data Breach Investigations Report confirms phishing as the top threat and that cyber attacks are successfully executed with information stolen from employees who unwittingly give away their login and access credentials.
The ideal cybersecurity strategy uses tools and practices that aim to prevent attacks against all systems and people. Cyber solutions, including security products and the people behind them, can only take security so far and ultimately fail. Regardless of the budget a company spends on cybersecurity or the number of products it employs, the actions of a single person can impact the organization. Awareness campaigns arm people with the skills and, hopefully, the skepticism to avoid common cyber threats, supplementing the technical controls put in place by cyber teams.
Extensive working from home only adds to the problem. The environment is target rich for phishing opportunities. People are working in a more casual environment using unfamiliar tools. Emails and alerts prompting users to reset a password or click on a link about a COVID-19 update can fool even cautious employees during this time.
The most immediate step cyber teams can take is to revisit remote access security practices and make sure employees are aware of the increased threat from phishing scams due to the coronavirus outbreak.
Infosec and cybersecurity teams have been putting out fires and given additional responsibilities for weeks as companies rapidly shift to this new work environment. While cybersecurity professionals often thrive in high-pressure situations, weeks of long hours and growing stress levels can take its toll on morale.
Security managers should continue to advocate for their team; push for the funding you need to give them the right tools and full staffing levels. Check in with your staff to gauge stress levels and create ways to address burnout, whether that be more time off or more staff to spread out the workload.
Cybersecurity is one area of business that’s often a victim of its own success—when you’re doing your job well, no one knows you exist. This can also make advocating for more resources difficult. Cybersecurity attacks cost businesses large and small not only financially, but target their reputation and put them at risk of failing, according to the business strategy firm Accenture. Investment in cybersecurity now, even when budgets are shrinking, will pay off in the long run.
Information security departments can sometimes take security measures for granted. It’s easy to forget that employees may not use 2FA unless prompted to, or have been recycling the same three passwords for years. By using the internal communication systems to better educate employees of emerging threats, enhancing security practices to increase your cyber resilience, and taking care of your cyber staff to avoid burnout, you will better protect your company’s assets and help contribute to the long-term growth of the company.