How to foster a safe and secure cybersecurity culture

N/A

Over the past 18 months, global working culture has changed, indefinitely and irreversibly. The pandemic tipped the traditional office environment paradigm on its head overnight, both encouraging those already exploring remote working to fast-track wider application, while also forcing reticent organisations into adoption purely to keep the lights on.

Encouragingly, many of those reluctant brands have since woken up to the numerous and widespread benefits of a remote – or at least hybrid – workforce. Employee agility, flexibility, and autonomy have all contributed to productivity spikes and improved mental wellbeing. In fact, many employers predict their remote workforce will double when travel and societal restrictions are eventually lifted.

However, it’s not all been plain sailing. Equipping employees with the right tools to work efficiently, keeping them engaged from a work and mental health perspective, and ensuring they’re working safely and securely – all represented huge challenges for HR and IT teams to tackle.

The latter, especially, has proven a tough nut to crack. Indeed, according to UK Government data, four in 10 businesses suffered a data attack or breach during the past 12 months, while our own 2021 Data Breach Investigations Report revealed that the human element accounted for 85% of breaches.

Clearly there’s a security issue associated with remote working, and however unwittingly, employees are putting their companies at risk. So, what can HR do to enable, equip, and empower their people to embrace the benefits of remote working, while at the same time safeguarding their employer?

Four recommendations to encourage secure remote working

1) Reduce risky behaviour
This one may sound obvious, but fostering a culture of responsibility and accountability across the entire business represents the key building block for teams looking to establish safer working practice. Recommendations include:

  • A clear and robust remote working policy: Most teams will have been working meticulously on these over the past couple of years, but the policy itself is only half the job. Letting employees know about its existence isn’t enough, they must know it back to front, and understand its application in a practical context. Consider regular training sessions that engage the employee with use cases and danger scenarios, to ensure they aren’t merely glancing over it as a box-ticking exercise. Remember that employees are the first line of defence against any cyberattacks against a business.
  • Create a culture of trust, not fear: Employee accountability and responsibility are one thing, but HR teams must be careful not to create a culture of fear. The serious ramifications of security breaches must be communicated, yes, but this must not evolve into a blame culture, where the employee is either constantly living in fear, or is too scared to report suspicious activity for fear of the reprisals. Educate employees on the routine signs of common attacks types and make it as easy as humanly possible for employees to flag suspicious activity.

2) Manage your apps
Wholesale remote working brought with it an influx of apps and pieces of software promising to solve all your business needs. From online video tools to workflow management systems, and employee engagement apps to virtual onboarding platforms, employers have a wealth of app options to choose from, and it’s usually down to HR to roll them out. In fact, according to our Mobile Security Index 2021, three-quarters of businesses said their reliance on cloud-based apps is growing. Recommendations for increased app security include:

  • Select apps only: Ensure your employees are exclusively using apps that have been approved and verified by the company. It can be easy to switch apps when chatting with clients, or take a conversation to WhatsApp while talking shop, but employees must ensure they’re using the right apps for the right tasks.
  • Update, update, update: Cybercriminals evolve fast, and therefore apps must do too. Make sure your employees aren’t putting off applying the latest patches across all their apps. Also, make sure they’re updating apps across their devices – for example, if Microsoft Teams hasn’t been updated on their mobile, it makes their laptop update completely pointless.

3) Protect your devices
The overnight transition to remote working meant many employees had to quickly come to grips with new devices, such as mobile. This, coupled with the fact 40% of businesses see mobile devices as their biggest security risk, highlights the importance of robust device security. Recommendations include:

  • Public device safety: As society returns to a semblance of normality, many employees will be keen to get out of their homes and work in public places, such as cafes or restaurants. Ensure that employees understand the risks of leaving any work device unattended, as well as connecting to public networks.
  • Lost or stolen process: If a device is lost or stolen, make sure employees know how and who to report it to. A quick flag can make a huge difference between criminals getting their hands on valuable data or not. Consider using mobile device management (MDM) software to remotely lock access to any stolen or misplaced device. MDM software can also remotely erase data or retrieve back-up data from a missing device.

4) Be smart about networks
Overnight, most companies lost the reassuring presence of a physical IT team and an on-site secure network. Home Wi-Fi just doesn’t possess the same level of security features as business networks. Recommendations include:

  • Consider VPNs: Virtual Private Networks (VPNs) provide employees with a safe and secure route to working remotely. Ensure any VPNs are regularly patched, and make sure employees are educated on how to best use them, and in which scenarios they work effectively.
  • Bolster home Wi-Fi: Even if employees use a VPN while working, they must also be made aware of the dangers of all other devices that are connected to their home network. All it takes is one connected device (such as a boiler or doorbell) to be breached, and attackers can spread their net to snag work-related data.

Remote working is here to stay
Despite the uncertainty and widespread disruption caused by the global COVID-19 pandemic, one thing is for certain – many of us will never return to the five-day office culture. While this is an exciting proposition for employees and businesses alike – with wellbeing and productivity benefits galore – it’s crucial that we don’t lose sight of the inherent challenges of managing a remote workforce.

The security industry has long been urging businesses to stop treating it as an afterthought, and the pandemic has lent even more credence to this call to arms. Cybersecurity must be embedded deeply into the culture of an organisation, and HR has a critical role to play in this dissemination, especially when it comes to the new hybrid working model that will dominate much of the world in the years to come.

    Read more

    Latest News

    Read More

    Yes, you’re diverse… but are you inclusive?

    21 November 2024

    Newsletter

    Receive the latest HR news and strategic content

    Please note, as per the GDPR Legislation, we need to ensure you are ‘Opted In’ to receive updates from ‘theHRDIRECTOR’. We will NEVER sell, rent, share or give away your data to third parties. We only use it to send information about our products and updates within the HR space To see our Privacy Policy – click here

    Latest HR Jobs

    University of Oxford – Nuffield Department of MedicineSalary: £27,838 to £31,459 per annum (pro rata). This is inclusive of a pensionable Oxford University Weighting of

    JOB TITLE: Hotel Manager – FTC 12 months – January 2025 start LOCATION; North West England SALARY: Around £45,000 per year plus performance-based bonus, rewards,

    We are seeking a dynamic and driven Human Resources Officer to become a key player in The Welbeck Team In this exciting role, you’ll invent

    Read the latest digital issue of theHRDIRECTOR for FREE

    Read the latest digital issue of theHRDIRECTOR for FREE