Each week for the month of October, we will take a new perspective to the NCSAM topics and give insight into more improved options.
Breaches occur at an organization’s weakest point — which is likely not the organization’s IT department. Ninety-five percent of cybersecurity breaches are attributed to human error making training employees the single most important part of security. Many employees are now working from home in more stressful and distracted home situations. This makes the line between work and home increasingly overlap and adds new significance to secure devices at home and at work.
This week will be filled with articles guiding users through basic steps for checking and securing devices, including firewalls, routers, VPNs, software updates, password security, etc. This article, however, is taking a different approach to the National Cyber Security Awareness Month’s second week’s theme: Securing Devices at Home and Work.
One Focus — Three Areas of Awareness
People are often the weakest link — but they can also be the strongest defense. People are always the focus. There are three areas to be aware of to keep people (and thus the company) safe and secure.
- Physical environment
In cybersecurity, when we talk about physical security, it’s often about locked doors. At home, this means locked screens, secured internet, and not sharing work devices with family members. But it is also important to remember that not all work from home situations are ideal. Not everyone will have a dedicated desk with ergonomic chair in a private space. Employees may be at a kitchen table, in a walk-in closet, or at the top of a stairwell landing multi-tasking as parent and teacher.
- Psychological and emotional environment
To say 2020 has been a difficult year might be an understatement. Burn out, emotional exhaustion, and a sense of being perpetually overwhelmed are common. These feelings are perhaps even to be expected because “How do you adjust to an ever-changing situation where the ‘new normal’ is indefinite uncertainty?… It’s important to recognize that it’s normal in a situation of great uncertainty and chronic stress to get exhausted and to feel ups and downs.”
High achievers may find themselves especially challenged by the events of this year since it’s a problem that can’t be solved and is nearly impossible to set solid routines around. This may be triggering feelings of loss or grief in employees which may make their work simultaneously more important but harder to focus on.
- Cyber awareness
Yes, practice good password hygiene. Yes, update your software, use a VPN, and make sure you power cycle your hardware regularly. Yes, to all the standard cybersecurity awareness practices — and yes, keep training your people.
Phishing attacks are not only getting more sophisticated and difficult to spot, they’re also at their highest level in three years. But well-trained people are the best defense for phishing. Employees must not only know how to spot a phishing attempt but also what to do in case one slips through the defenses. The difference between knowing what to do or not to do is the difference between your security team taking 20 minutes to secure the company or a data breach, fines, loss of trust, and potential loss of business.
A little bit of time invested in growth, health, and awareness leads to a lot of time saved in the long run. Invest the time to check in on your people, not just to manage them but to help develop them. Make sure they are not just “getting the job done,” but are getting the support from the company to do so wherever they are.
This year has been full of changes and incredibly stressful with all the upheavals, shifts, and challenging “new normals.” It has also provided industries, companies, and individuals the opportunity to learn, refocus, pivot and grow stronger.
One of the most important ways to secure devices at home and work is to make sure their operators are trained. Training empowers people to know what to do and to understand the importance of those actions. It also reinforces the value of security within the company and for the individual.
Time is always precious — there’s never enough of it, even on good days. Using it well is essential. But with good training, new skills are learned which can be efficiently executed — all of which save time and money in the long run for the organization and the individual.
Securing devices might sound boring, difficult, and time consuming — but it doesn’t have to be. Making security and safety part of company priorities helps reinforce its importance and ensures there is time and skills to integrate it into daily work activities. Keeping your people consistently trained and supported wherever they are is key to staying secure and successful.
Don’t miss next week’s conversation with a fresh perspective on week three’s theme: Securing Internet Connected Devices in Healthcare. Did you miss last week’s take on week one’s theme: “If you connect it, protect it”? Read it here.