Maximizing the safety of your company’s network and your employees starts with human behavior. Fully 90 percent of cyber attacks result from human errors, often from non-IT employees who unintentionally expose the company to bad actors. In the COVID era, remote working and hybrid offices complicate the issue by increasing exposure and risk to corporate digital data. How can CEOs balance the requirement to protect the business from attacks with offering remote and hybrid work roles that can attract dedicated top talent? Here are a few tips for controlling data access, managing unauthorized applications, and conducting cybersecurity training.
- Control the Right Access
Remote workers and those in hybrid environments bring access and control questions. These employees spend time working from home, or at a Starbucks, or from a Vegas hotel room. They are not constrained by location, which is great for morale, but complicates corporate IT access. From the C-suite point of view, managing access means a mix of awareness training and access controls.
A first line of defense involves reviewing and improving password protocols. Strengthen password requirements and mandate frequent credential changes. Require the use of a password management tool and implement multifactor authentication to access every application, storage, communication, and other platform. These measures make it harder for hackers to leverage stolen credentials, which often result in phishing schemes or ransomware problems.
Access controls should also delineate employee-specific data and systems based on roles. Do not give “all access” by default, but instead review job roles and determine weak points. Can the marketing manager access the company’s financial records? Does the accounting team need to review proprietary research and product development files? Matching access to roles reduces exposure points, especially for remote workers who might go outside of approved methods to pull corporate content.
- Shed Light on Shadow IT
When left to their own devices, remote workers and those in hybrid environments will often pick their own technology tools. They will use WhatsApp to talk to colleagues and partners, or Google Drive to share documents with a vendor. They are using familiar tools that help them get things done in their personal lives, so it’s natural they leverage them in their professional work. While most employees use these tools for the sake of productivity, it’s very likely they’re falling outside IT’s approved list of programs and actions. They’re engaging in “shadow IT”, the use of unauthorized software and hardware tools that can expose networks to security vulnerabilities.
With a remote workforce, there’s much less IT visibility into an employee’s actions. The worker might use a secure corporate connection to pull files, but then talk to a fellow employee through Facebook Messenger instead of the approved chat tool. Organizations need policies and controls in place that monitor and restrict certain activities. Senior leadership teams need to find the right balance between ensuring access and productivity and keeping corporate data secure. If the current IT infrastructure and policies make it much harder for remote workers to perform their duties, and these workers are under pressure to perform, then it’s understandable they stray outside approved tools. The CEO and CTO need to address these situations to ensure the removal of any roadblocks while lowering the potential risks of unapproved tools.
- Use Context-Based Training
Training remote workers needs to come with empathy and understanding, not just policies and mandates. Many remote workers spent years or decades in corporate settings, and adjusting to being at home takes time. It’s a different environment, one filled with personal distractions and a blending of responsibilities. Mistakes are bound to happen, whether it’s the employee forgetting about the corporate VPN and using an unsecured network to access data, or sending a coworker a note through their personal email instead of a work address.
CEOs can play an important role by requesting training that reflects the complexities of remote working. They can require themselves and the upper management team to participate, as any employee can unintentionally expose the firm to risks. This training should tie employees’ actions to potentially exposing the company and losing their jobs. Providing some context about the ways hackers access systems makes the training more relatable. Show workers news stories about ransomware attacks that crippled a firm. Relate to them examples of firms damaged by phishing schemes and provide tech tools that prioritize safety and privacy, such as GOFBA – a secure search engine and communication platform.
Training for remote workers should cover BYOD policies. Can workers use their phones and personal laptops for work, or do they need corporate-provided devices? For hybrid work environments, do employees follow the same procedures at home as in the office? If there are exceptions to rules, does that pose a security risk? Training should also cover phishing scheme prevention, the usage of thumb drives, the dangers of unsecured Wi-Fi, and other similar topics.
CEOs can reduce their company’s risk exposure and improve employee productivity by investing in comprehensive workforce management. The most successful firms are those that protect corporate digital assets while also leveraging the benefits of a well-trained remote workforce that generates positive business results.
Written by William DeLisi.