With so many organizations switching to a work-from-home model, many are finding security increasingly difficult to administer and maintain. There is an influx of vulnerable points distributed across more locations than ever before, as remote workers strive to maintain their productivity. The result? Security teams everywhere are being stretched.
The Third Global Threat Report from VMware Carbon Black also found little confidence among respondents that the rollout to remote working had been done securely. The study took a deep dive into the effects COVID-19 had on the security of remote working, with 91% of executives stating that working from home has led to a rise in attacks.
Are you making sure your security professionals are up to the task of remote working while security threats are on the rise?
1. Maintain consistency
One way to help mitigate risk is to have your developers and security professionals train at a consistent level so they are all on the same page. Knowing that there is some sort of security architecture at play in your organization and understanding the logistics of how to stress test aspects of that structure will make it easier to prepare for and block attacks.
2. Don’t overlook the details
Training needs to address all aspects of your structure, specifically: information security, data security, cybersecurity, computer security, physical security, IoT security, cloud security, and individual security. Each area of an architecture needs to be tested and hardened regularly for your organization to truly be shielded from security breaches. Be specific about your program: train your staff on how to defend your information around your HR records (SSNs, PII, etc.) and data that could be exposed (shopping cart, customer card numbers), as well as in cyber defense to provide tools against nefarious actors, breaches and threats.
3. Think about the individual
Staff must be trained to know how to lock down computers, so individual machines and network servers are safe. This training should also encompass how to ensure physical security, to protect your storage or physical assets. This comes into play more as the IoT plays a larger role in connecting our devices and BYOD policies allow for more connections to be made between personal and corporate assets. Individual security: each employee is entitled to be secure in their work for a company, and that includes privacy concerns and compliance issues.
4. Keep your head in the cloud
Today, most companies have some sort of cloud presence, and security professionals will need to be trained to constantly check the interfaces to the cloud and any hybrid on-prem and off-prem instances you have.
5. Invest in learning
With constantly changing layers of architecture and amplified room for breaches as a result of remote working, it’s hard to imagine how security professionals stay ahead of all the changes. One thing that keeps teams on top of their game is professional online learning.
During the COVID-19 shelter-in-place mandate, leading eLearning companies have witnessed a massive increase in hours of security content consumed. For some, security is one of the fastest-growing topic areas, which suggests that security is more important this year. This is likely because of the number of workers who have gone remote and the challenges that brings to an organization, particularly in the security department.
6. Consider role-based training
While it’s important to equip teams with skills that apply across functions, there is a case to be made for investing in experts. Cybersecurity is not a field with a linear path of growth. Individuals can take different journeys to transition from a vulnerability analyst to a security architect. By looking at individuals within the organization and seeking ways for them to upskill and take on new roles and responsibilities, you have the unique benefit of being able to help them curate roles that fit the needs of the organization.
It’s not often that a business has a dedicated Remote Team Security Lead, because there was rarely a need for one. Considering the quick transition to remote work and the possibility that this is the new normal, organizations can benefit by investing in specific training curated to meet the security needs of remote teams. If this role is cultivated within the organization, there is the added benefit of knowing that the lessons being taught are directly relevant to specific needs, which increases the attractiveness of investing time and effort into skills training.
Training can be the key to preparing security professionals for the unexpected. But there is no one-size-fits-all lesson that can be delivered or an evergreen degree that can keep up with an industry that changes every day. Training needs to be always on the agenda and it needs to be developed in a way that offers different modalities of learning.
Regardless of how the individual best learns, criterion-based assessments can measure knowledge/skills and act as a guide to true, lasting learning. Developing a culture committed to agility and learning is the key to embracing change.
As most of the UK’s cybersecurity workforce now sits at home isolated while carrying out an already pressurised job, there is every possibility that this could be affecting their mental health.
In light of Mental Health Awareness Week, and as the discussion around employee wellbeing becomes louder and louder amidst the COVID-19 pandemic, we spoke with five cybersecurity experts to get their thoughts on how organisations can minimise the negative mental and physical impacts on newly-remote employees.
Remote but not alone: the power of communication
“In the current global situation, focusing on mental health is more important than ever,” says Agata Nowakowska, AVP at Skillsoft. “Now is the time to raise the profile of workplace wellbeing – even though our understanding of the physical workplace has shifted dramatically. Employers need to take workplace wellbeing virtual – meeting the needs of all employees, wherever they are and whatever environment they are in. Even if this is just regular check-ins – whether by phone or video call – everything you do as an employer makes a difference.
“Employee wellbeing should be a strategic priority for organisations, particularly given the uncertainty we’re all facing. Being supportive and lending a hand when employees need it will not just nurture their mental health, but the fundamental health of your organisation as a whole.”
Rob Shaw, Managing Director, EMEA, Fluent Commerce, adds: “Statistics reveal that 1 in 6 of us will have experienced a mental health problem in the past week alone. The importance, therefore, of ensuring discussions about an illness that will affect so many of us remain in the spotlight cannot be underestimated. We all have our part to play.
“As an employer there are many things we can do to look after our team’s mental wellbeing. First and foremost is creating a culture where employees can talk openly about how they’re feeling without fear of repercussion. From online resources, having dedicated chat platforms where employees can share concerns, to having a qualified staff Mental Health First Aider, the range of things an employer can do to support employees’ health is vast.”
Protect employees by protecting valuable data
“With the COVID-19 pandemic causing devastation across the world, businesses in every industry are quickly having to adapt to a new working style,” says Krishna Subramanian, COO at Komprise. “Some technologies are getting more attention than others at the moment, such as video conferencing tools like Zoom, but there are other technologies that can make a huge impact on employee wellbeing too. With so many employees connecting from home, keeping data safe and secure at all times is a much bigger concern, so generating a cyber resilient safe copy of your business data in a separate location that is not subject to attacks is very important.”
She continues: “Implementing data management solutions that can help you create what is essentially an ‘air-gap’ cyber resiliency solution to protect your data will give peace-of-mind to your employees, and help them focus on the job at hand.”
“A data breach can happen at any moment, demanding the attention and expertise of cybersecurity professionals,” adds Samantha Humphries, Security Strategist at Exabeam. “It’s an ‘always on’ profession, and there is an unspoken expectation for security teams to work excessive hours, but this leaves many with the inability to ‘switch off’ when they leave the office. Even the most hardened security professional cannot outrun this in the long term; it will inevitably take a toll on their health and personal lives… and this was before lockdown.
“Current events have introduced a whole new level of unprecedented pressure. We have seen the number of data breaches, compromised video-conferencing and COVID-19 related phishing scams soar. In addition, working from home for many individuals also means balancing parenting and home-schooling with their professional responsibilities. In any job, it would be easy to feel overwhelmed by the situation. For our friends in security, it’s a formidable task.”
Promote an honest and open employee culture, both from home and the office
“Encourage employees to take the tough decisions for an easy life when it comes to managing sometimes unrealistic workloads,” says Rob Mellor, VP & GM EMEA, WhereScape. “Honesty also applies to our mental wellbeing that keeps us happy and focused. If appropriate, it can be useful to know about issues that affect performance at work, so managers must make it clear that they’re available to talk.
“As long as organisations continue to make progress in promoting mental fitness, no matter how slow that improvement might be, they are making the move in the right direction. During Mental Health Awareness Week I would like to encourage organisations to share tips and technology that have enabled their progress through social media, websites, Slack groups and other channels.”
Sam Humphries concludes: “I would like to remind our valued security teams that they are not alone. Check in with one another, engage positively with the rest of your organisation and listen to one another. A simple phone call and an understanding tone go a long way. For those relying on the cybersecurity team – make them feel valued and supported. Particularly for us Brits who tend to ‘suffer in silence’ – stress and isolation don’t have to be a battle fought alone. Honest and transparent communication will help provide more certainty in these uncertain times. We all have a role to play in this – make sure you stay connected and kind.”
With the help of things like Mental Health Awareness Week, the conversation around mental health in the workplace is one that is gaining momentum each year. This week is a good reminder for employers to help relieve workplace stressors and to prioritise their number one asset, their people.