Most of us have likely experienced the sense of autonomy, flexibility, and increased productivity that came with the proliferation of remote working. Following the initial shock and adjustment period of 2020, this new dynamic has evolved into a positive experience and welcome change for the majority of workers. In fact, it has been so beneficial that it has quickly become a successful tactic for businesses to not only recruit new employees, but retain their existing talent. However, evolving this once-novel dynamic for long-term sustainability comes with new logistical challenges – particularly a significantly heightened concern around data security. As employees are connecting to company servers and accessing data from a variety of locations, many using public WiFi, previous security protocols can no longer be enforced to the level they once were. Considering that IBM reports the average data breach costs $4.24 million, a 10% increase from 2020 to 2021 and the highest cost in the 17-year history of the report, this dangerous reality demands attention.
With hybrid work here to stay, it’s time for businesses to face the concerns that come along with it head on and prioritize security fit for the new work dynamic.
Success begins with the foundation
By observing the steps being taken to create their organization’s security structure, security leaders can uncover how best to build a strong foundation for success. Just as a building can’t stay standing atop a weak foundation, your company’s security policies can’t withstand challenges without a sturdy base. A large focus of compliance and security teams’ responsibility is to assess the status of the existing operations and stay updated on best community practices, as well as how to avoid arising threats.
In the team’s audit, they should ensure that all third-party software and technology used by partners within the company have strong security standards in place. This practice should be regularly conducted as part of internal security protocols. Starting off, the team should go back and review policies, keeping an eye out for any red flags. One example is a tool whose terms of service don’t mention any of the major regulations that are popular in the press, such as GDPR and CCPA. Beyond that, each should have up-to-date terms of service and data processing policies that consider current industry best practices. Organizations with established security structures often lead with trust pages that clearly and prominently explain their approaches to security. It’s vital to ensure that all software and technology partners have thorough standards in place. If those standards aren’t in place, it may be necessary to reconsider that partnership, but if they do have those standards, then your company is already headed in the direction of having a strong security program.
Creating comprehensive cybersecurity policies
A good cybersecurity policy is functional, specific, and, above all else, resilient. The goal must be a policy that’s rigorous enough to block unwanted network intruders, yet permissive enough to allow employees to efficiently utilize their information and data. Having this in place makes the team’s daily tasks easier rather than more convoluted, while still requiring them to maintain the safety of organizational data.
Bringing together internal team members for collaboration is another fundamental aspect of designing strong processes. It is essential that security and compliance leaders work together to build policies, ensure compliance with these policies, and stay current with attacks and vulnerabilities being targeted at other companies.
Training for new protocols
Once the structural side of security is completed and evaluated for success, the intentions of the company’s security efforts must be communicated to the employees. Furthermore, it is vital that they are trained to adhere to any new protocols. To ensure that the meticulously crafted plan for a new security policy is adequately adopted and has no weak links or loose ends, standardization is crucial.
Security can be a dry subject, but it is an important one, so making it engaging for employees matters. Employees must retain and implement these practices, and organizational leaders can help the details of training stick by making them fun and interactive while still driving home the key takeaways critical to maintaining security compliance. Going over common types of attacks like suspicious emails and social engineering attacks is a good starting point to get everyone on the same page. The goal of these trainings is to prime your staff to use their best judgment, establish practical security knowledge, and ensure they adhere to specific security dos and don’ts – not to quiz employees on arbitrary security trivia.
Most importantly: Resilience
When the press seemingly covers a new major breach every day, the task of ramping up cybersecurity can be daunting. However, the steps we’ve laid out can help to reduce organizations’ exposure to threats. Through trial and error, we know that creating strong standards will serve you well, and in our increasingly digital world, you must lead with a heavy focus on security. In all respects, it is most vital to understand that cybersecurity policies should be comprehensive, functional, employee-friendly, adaptive, followed by all, and standardized. As the hybrid workspace continues to evolve, these considerations should provide organizations with the proper basis for success.
Matt Diebolt is the CTO of Poll Everywhere.