- The coronavirus outbreak forced many organizations to implement work from home policies immediately.
- The move has revealed a serious gap in digital transformation preparedness, particularly as it relates to cybersecurity.
- Cybersecurity is as much an IT issue as it is an HR issue; organizations need to ensure that they have the right infrastructure in place, but also that they have and enforce the right policies and processes to protect their employees and important data.
As people increasingly work from home in the hopes of stopping the spread of COVID-19, organizations have been met with the challenge to embrace and implement digital tools in little to no time.
The global experiment to work remotely has revealed that few organizations have been working on their digital transformation preparedness. And this has come at a high price.
Cyber attacks have been on the rise as more people work from home. A worrying trend, as organizations have previously cited security’s role in digital transformation as a potential risk. In fact, a recent survey found that cybersecurity was the #2 technology priority in terms of investment for organizations in 2019.
While the above is an IT challenge, the reality is that digital transformation efforts have failed, in large part, because leaders forget that digital transformation is also an HR issue.
In an interview with Allwork.Space, Tony Saldanha stated that digital transformation requires the “rewiring of organizational management and individuals to accommodate emerging technologies that are changing the way we work and live.”
In a recent article Aaron Mauro, Assistant Professor of Digital Media at Brock University, argues that:
“Cybersecurity is a human problem: the person at the screen or keyboard is always the weakest point in any technical system. Attackers will use a set of techniques — broadly described as social engineering — to trick us into divulging sensitive information.”
In other words, cybersecurity attacks can be prevented in two ways:
- By ensuring your organization has the right infrastructure, tools, and processes in place to protect employees and data.
- By training employees on how to use emerging technologies, how to follow processes, and teaching them basic cybersecurity housekeeping skills.
While the coronavirus outbreak didn’t give companies much time to set up your IT infrastructure to best support work from home practices, organizations should take the time to walk employees through how to set up a secure home network, how to identify suspicious sites, and how to protect company/client data while working from home.
The issue of cybersecurity becomes even much more of a challenge when organizations are not able to provide employees with their own work device and, instead, encourage workers to use their own personal devices.
Cybersecurity Tips for Companies and Employees
For Companies
- Provide workers with company owned devices.
- Provide workers with access to a VPN.
- Have strict processes in place on how to log in to the company network, how to share information with stakeholders, and what types of networks employees are allowed to use.
- Provide easy to digest cybersecurity information to all remote employees.
- Create and enforce password policies (using an uppercase letter, using numbers, using symbols, minimum length, etc.). Consider encouraging people to change their passwords regularly.
- Provide online security training, even if it has to be done virtually.
- Consider implementing two-factor authentication when possible.
- Ensure that company emails have a robust spam filter setup, this will decrease the possibility of an employee falling victim to a phishing attack.
- Remind employees to keep all software and remote collaboration tools updated.
- Create a quick response guideline should anyone fall prey to a cybersecurity attack.
For Employees
- Ensure your home network is secure.
- Turn off your Bluetooth, particularly in public places and when there’s no need for it.
- Double-check the sender of emails, particularly if they’re asking you to download anything or click on a link.
- Use a VPN.
- Ensure you’ve installed and updated any antivirus software.
- Update any software, platform, and application you use for work.
- Encrypt and password protect company files that you need to send. If you need help, reach out to your company’s IT team.
- Inform your IT team immediately if your device has been compromised or if you suspect you’ve been a victim to a cyber attack.
- Install trustworthy anti-malware software on your device.
- Use multi-factor authentication.