Ways of working have changed dramatically since Coronavirus first hit, and will likely never go back to how they were prior to this year’s events.
Of course, some organizations have had remote or flexible working policies in place for years, and it was already a growing trend prior to 2020. But this was accelerated by the pandemic and forced many organizations to adopt full-time remote working for the first time.
And now, what started as a temporary solution is quickly becoming a semi-permanent replacement, as employees demand more flexibility and businesses reap the benefits of lower overheads and improved efficiency. In fact, Tessian research found that 75 percent of IT leaders and 89 percent of employees believe the future of work will be “remote” or “hybrid” – a combination of working in the office and remotely.
Undoubtedly, this will have a significant impact on companies’ IT departments, who will need to deliver a frictionless experience and create strategies that empower employees to work remotely and securely - despite budget cuts and under-resourced teams.
If that wasn’t enough, IT teams also have to overcome the huge spike in security incidents - caused by people falling for hackers’ carefully crafted spear phishing attacks, malicious insiders and employees' mistakes.
No wonder 85 percent of IT leaders think they’ll be under more pressure in a hybrid working world. Here are six top tips to help.
#1 Focus on workplace wellbeing
Employee wellbeing was the top concern identified by IT leaders’ if businesses adopt permanent remote working arrangements.
Remote work can be incredibly stressful for some employees and this could be exacerbated by the fact that people are taking less time off work and working longer hours. In fact, another Tessian report revealed that 61 percent of employees tend to overburden themselves with work, causing them to work longer hours than necessary.
Everybody knows that when people are stressed, tired, and distracted, they make more mistakes - mistakes that could compromise cybersecurity. In fact, 46 percent of employees say they make more mistakes when they feel burned out.
IT professionals, therefore, must work with other departments to recognize the correlation between employee wellbeing, their productivity, and security if they want to keep data and systems safe. Management should always endeavor to lead with empathy and find ways to prevent stress among the workforce to prevent costly cybersecurity mistakes.
#2 Prevent breaches caused by people
Two-fifths of IT leaders think that their company will experience more data breaches if people continue to work remotely. Why? Because an overwhelming 82 percent think their organization is at greater risk of phishing attacks, while 78 percent believe their company will face more insider threats when staff work from home. In addition, 46 percent of IT leaders also worry that employees are practicing unsafe cybersecurity behaviors.
This isn’t trivial. The majority of data breaches, today, are caused by human error - whether that’s falling for a convincing phishing scam, breaking company policies to exfiltrate data or accidentally sending data to the wrong person.
With a distributed workforce, IT teams need greater visibility into their riskiest and most at-risk employees. By understanding employees’ behaviors, you can create policies and training that will prevent people’s actions from compromising company security and breaching sensitive data.
#3 Focus on phishing
Half of the organizations we surveyed said they experienced a data breach or security incident between March and July 2020. Phishing was the cause of half of these security incidents - making it the top attack vector during this time.
Cybercriminals have certainly capitalized on the pandemic, exploited people’s fears and uncertainty, and cashed in on the fact that remote workers have been more reliant on email to stay connected. They’ve launched more sophisticated phishing attacks, posing as trusted brands to trick people into clicking on links to fake websites, downloading malicious attachments or wiring money. In fact, 43 percent of IT professionals said their staff had received phishing emails with hackers impersonating software brands during the lockdown.
Email is one of the easiest and most effective ways hackers can hack humans to hack organizations. Solutions that can automatically detect advanced phishing attacks and warn people to the threat in their inboxes are invaluable in making employees think before they click.
#4 Rethink training
It’s encouraging that over half of IT leaders are planning to introduce more security training for employees in a remote working world. Cybersecurity is rarely at the front of mind for every employee, so reinforcing safe security practices through additional training is critical.
But approaches to training may need a rethink so that it resonates with employees and isn’t seen as “just another thing” on people’s to-do list.
According to our report, despite 57 percent of IT departments implementing more education and security training for their employees during the pandemic, nearly 1 in 5 workers said they didn’t even take part. Make training contextual, make it helpful and ensure it doesn’t disrupt people’s day-to-day flow.
#5 Update BYOD policies
BYOD has plenty of benefits for a remote workforce. People feel more comfortable on their own devices, and this decreases people’s dependency on IT teams to help with set-ups or malfunctions. But BYOD does also come with security challenges - ones that have come into sharp focus this year.
For example, in addition to loss of devices, IT teams have to worry about network security given that, if a cybercriminal was able to gain access to a personal device, they could maneuver from one device to another and move through an organization’s network quickly. There are also concerns for information security.
It’s also encouraging, then, that the majority of IT leaders said they will be implementing new BYOD policies, upgrades to endpoint protection as well as new VPNs in order to bolster remote work security.
#6 Make security as flexible as your employees
A previous Tessian study found that 54 percent of employees will find workarounds if security were to stand in the way of them getting their jobs done, opting for the path of least resistance. To protect data and systems from remote workers’ unsafe cybersecurity practices and detours, businesses must ensure security solutions and policies help, rather than hinder, people’s workflows.
With remote work here to stay, set your business up for success from a security standpoint. Give IT teams greater visibility into the human layer of the organization so that they can identify and remediate security incidents caused by human error faster and more accurately. Unburden IT teams by investing in security solutions that can automatically detect errors and prevent them from happening in the first place. And educate people on the threats in their inbox, while reinforcing safe data practices.
By doing so, you can proactively stop sensitive information from leaving your organization, company IP stays secure, compliance standards are met, and customer trust is maintained. One virus is enough to worry about and it is crucial that organizations can defend themselves against cybercriminals and data loss.
Tim Sadler, CEO and co-founder, Tessian