A Remote Workforce Changes Security Needs
Some of the security needs of a remote workforce are relatively obvious, as organizations need to make sure network access is protected across multiple devices. But businesses also need to understand the impact of the physical security they’ve lost by having employees work from home. In a normal office environment, things like access to the building or a specific computer are all controlled. In a remote work environment, those controls don’t exist.
“Their office is wherever they happen to find themselves,” says Shelton. “So the ability to put some controls around where people are, what people are doing and what they’re doing it with have become very, very fluid. We don’t have some of the compensating controls that we used to have, that we used to depend on to keep us safe and to keep our information safe.”
While that is a big change for IT departments when it comes to cybersecurity, Shelton says it’s not necessarily a bad thing. Being able to help the business remain nimble can be key for resilience.
“We want to continue to enable that to happen,” he says. “There’s a lot of the advancements and a lot of business trends that we find right now that are based on those concepts. So as we move to a more hyperagile type of business model, by necessity the hyperagile workforce has to come along with it.”
Empower Employees to Defend Against Cybercrime
Despite IT tools and precautions, the biggest potential vulnerabilities often lie with employees. Cybercriminals can gain access to networks by targeting people and appealing to their emotions, something that can be difficult to account for with technology.
“As we look at the convergence of opportunity and ability, when we look at threats, when we look at how bad actors are going to take advantage of this, three-quarters of them if not more focus on the individual,” Shelton says. “The game of attacking the infrastructure has been over for a long time.”
In times of great transition, it is particularly important to encourage employees to remain vigilant, as cybersecurity may not be top of mind for many.
“They’re paying so much attention to integrating this new normal and to getting work done, it starts to relax some of the attention that goes on to other things,” says Shelton. “That’s the opportunity that these bad actors are looking for. That’s the opportunity they're trying to exploit, to make this a monetary venture for them. Don’t let them do it.”
While ingraining cybersecurity principles into company culture may be a large time investment, it can go a long way toward ensuring that employees are building the right habits.
“It’s very much a herd immunity type of approach to getting an organization much more resilient to attack,” Shelton says. “Getting folks into a culture and a mindset that allows them to not be concerned about reporting these things, not be concerned about going to information security and reporting a strange email they saw.”