How can you encourage employees to protect themselves in the new normal?
The large-scale shift to remote working as a result of Covid-19 has exposed critical gaps in the security of many organisations. In the rush to maintain workflows, cyber security in the home became an afterthought, with more relaxed attitudes and weaker network security exposing many workers to increased risk.
While security breaches and malware attacks dominate news headlines, IT leaders are more concerned about the threats from within - especially in the new normal. A survey by Computing shows CIOs see employee behaviour as the single biggest cybersecurity risk in this new culture of mass home working, with poorly protected home networks as the number two threat.
That's bad news in the current climate, where almost half (47 per cent) of IT leaders say that security alerts have increased, either greatly or somewhat, during the pandemic; and while 45 per cent say that alerts have stayed the same - and five per cent that they have fallen - dealing with those threats has become more difficult.
This is because of the lack of insight into the dispersed IT estate, the new reliance on employee common sense and home security, and the fact that mass home working was forced on many organisations by circumstance, perhaps without the right controls in place.
With users agreed to be the weakest link in the security chain, educating them about protection is surely the right attitude. However, only just over half (59 per cent) of respondents said they were currently using employee cyber risk training, with another 24 per cent set to adopt within the next 12 months.
This reveals the critical importance of human beings in the digital landscape. Seeing security solely as a technology problem demanding a technology solution is the wrong approach.
Employees - and their managers - need to understand the risks and the organisation's policies and procedures for mitigating them.