The changing demands of workers and industries throughout the pandemic has resulted in businesses across EMEA continuing to explore new methods of hybrid working. One globally recognized benefit of the shift to this model is that many of us can now enjoy a much healthier work/life balance. But despite an increase in awareness around cybersecurity, many organizations have fallen victim to cybersecurity attacks and have struggled to protect remote workers.
Quentyn Taylor is Senior Director of Information Security and Global Response at Canon for EMEA.
The unexpected need for enterprises to transform their business models into remote or hybrid working meant that most businesses were unprepared for change. As a result, many organizations lacked adequate security tools such as remote access solutions or faced challenges after leaving RDP exposed on the Internet or not properly patching VPNs.
The pandemic also saw a rise in cybercriminals utilizing social engineering cybersecurity attacks, which created a significant problem for businesses. Many of these bad actors would pose as individuals from Twitter’s IT department, for example, targeting employees in their homes and surreptitiously accessing confidential information. Sadly, these sorts of methods are likely to continue to develop in the year ahead as cybercriminals grow smarter and expand their techniques. This is highlighted by the fact that prior to the pandemic, 20% of cyberattacks used previously unseen methods or malware – a figure that rose to 35% during the pandemic.
Enterprises are no longer working from one centrally managed office in today’s hybrid world but are running their business directly out of people’s homes. This means it’s more important than ever for business leaders to be aware of the importance of good cybersecurity, which will be key to protecting not only their business but also their employees in the year ahead. So how can they prepare and take learnings from the pandemic?
Ensuring your business is prepared
Organizations should start with clear communications and a remote management plan to make sure they can contact employees in emergencies – for example, if their platform of choice suffers an outage. They can also take proactive steps to protect and secure their data by investing in enterprise password management systems or similar technology.
Changing delivery of your messaging
Enterprises should also ensure their communications and guidance are tailored and relevant to their employees. For example, business leaders are more likely to secure and maintain interest from workers by focusing on outcomes and actions as opposed to talking about policies. They can also give short, sharp security briefings to employees, enabling information to be provided in more innovative and exciting ways than the dreaded “death-by-PowerPoint”.
The use of innovative training methods has been proven to be highly effective and should therefore be considered by organizations in 2022. Something as simple as bite-sized videos – such as an educational video on how to spot a phishing email “informing” the reader of a parcel delivery cost – is often well-received. Businesses can also tap into immersive experiences, such as breakout rooms with challenges, virtual escape rooms, and even quizzes or crosswords. They can even go a step further by providing prizes to encourage teamwork and engagement – after all, who doesn’t like to be rewarded for their hard work?
Create cybersecurity champions
IT and InfoSec teams can famously be difficult to get hold of, which often results in employees feeling removed from this area of the business. By nominating cybersecurity champions within the business – that is, several trusted, go-to people to act as the voice and ears of cybersecurity – employees can feel confident that they have a friendly face they can approach when they want to ask questions.
Additionally, this is useful from a business perspective, as layering security through a champion network is a good method for organizations to scale up their cybersecurity messaging and encourage openness and communication.
Praise, don’t punish
It’s essential that businesses encourage and celebrate good cybersecurity practices instead of punishing people for mistakes. It can prove difficult to motivate employees to pay attention to cybersecurity if an atmosphere of fear is created around the topic – and it is in fact much more likely in this instance that workers will disengage and switch off from cybersecurity altogether.
The personal side of cybersecurity
Many businesses have realized due to the pandemic that they are fundamentally at a business disadvantage. The rapid shift to hybrid working gave many organizations the boost they needed to strengthen their overall position in the cybersecurity landscape, with the topic now more of a business priority than ever before. So, while cybersecurity is now being taken far more seriously at board level, this momentum must be continued – and should now trickle down to educating employees.
Workers need to have a fundamental understanding of why they should care about cybersecurity. It’s actually about more than simply trying to protect a device or connection, but even boils down to protecting an employee’s identity and the business that provides them with a job and income. By focusing on the personal side of cybersecurity, organizations can ensure that their messaging grabs the attention of their employees and resonates with them on a human level.
By employing these tactics, businesses can work to encourage positive attitudes towards cybersecurity in 2022. It is this mindset across the business which will enable organizations to feel confident that their messaging is getting across, and that they can ensure their business and employees are as safe and secure as possible in the year ahead.
