Apr 21 2020

In the Future of Work, Cybersecurity Needs to Be More Human

With the right company culture, organizations can transform employees from their greatest security liability to their greatest security asset.

Keeping up with the latest cybersecurity threats is already a stiff challenge for businesses. With every new technology and every new update seems to come new vulnerabilities that need to be found, patched and shared. 

That challenge became even greater when two-thirds of the workforce moved to their home offices. Now, in addition to shoring up their organization’s remote work infrastructure, IT departments also need to account for a slew of new cybersecurity needs. From unsecured internet connections to an increase in device use, businesses need to prepare for what future threats hold.

A large part of that protection lies within the workforce itself. In a session at the CDW Future of Work Virtual SummIT, CDW Practice Architect Paul Shelton discussed how the changing nature of work is creating new cybersecurity challenges, and how organizations can turn employees into their greatest security advocates. 

A Remote Workforce Changes Security Needs

Some of the security needs of a remote workforce are relatively obvious, as organizations need to make sure network access is protected across multiple devices. But businesses also need to understand the impact of the physical security they’ve lost by having employees work from home. In a normal office environment, things like access to the building or a specific computer are all controlled. In a remote work environment, those controls don’t exist. 

“Their office is wherever they happen to find themselves,” says Shelton. “So the ability to put some controls around where people are, what people are doing and what they’re doing it with have become very, very fluid. We don’t have some of the compensating controls that we used to have, that we used to depend on to keep us safe and to keep our information safe.”

While that is a big change for IT departments when it comes to cybersecurity, Shelton says it’s not necessarily a bad thing. Being able to help the business remain nimble can be key for resilience.

“We want to continue to enable that to happen,” he says. “There’s a lot of the advancements and a lot of business trends that we find right now that are based on those concepts. So as we move to a more hyperagile type of business model, by necessity the hyperagile workforce has to come along with it.”

INSIDER EXCLUSIVE: Watch the full webinar from the Future of Work Virtual SummIT.

Empower Employees to Defend Against Cybercrime

Despite IT tools and precautions, the biggest potential vulnerabilities often lie with employees. Cybercriminals can gain access to networks by targeting people and appealing to their emotions, something that can be difficult to account for with technology. 

“As we look at the convergence of opportunity and ability, when we look at threats, when we look at how bad actors are going to take advantage of this, three-quarters of them if not more focus on the individual,” Shelton says. “The game of attacking the infrastructure has been over for a long time.”

In times of great transition, it is particularly important to encourage employees to remain vigilant, as cybersecurity may not be top of mind for many. 

“They’re paying so much attention to integrating this new normal and to getting work done, it starts to relax some of the attention that goes on to other things,” says Shelton. “That’s the opportunity that these bad actors are looking for. That’s the opportunity they're trying to exploit, to make this a monetary venture for them. Don’t let them do it.”

While ingraining cybersecurity principles into company culture may be a large time investment, it can go a long way toward ensuring that employees are building the right habits.

“It’s very much a herd immunity type of approach to getting an organization much more resilient to attack,” Shelton says. “Getting folks into a culture and a mindset that allows them to not be concerned about reporting these things, not be concerned about going to information security and reporting a strange email they saw.”

Keep this page bookmarked for articles, videos and webinars from the Future of Work Virtual SummIT, and join the conversation on Twitter @BizTechMagazine.

Marco_Piunti/Getty Images