Sunday, January 30, 2022

The Next Damaging Cyber Trend: Click Paralysis & How To Avoid It

 


Let’s face it, right now, we as Americans are facing a high level of anxiety and nervousness.  A lot of this has been triggered by the huge upsurge in Omicron, the fears of inflation and of what the Fed is going to do, rising political tensions in Ukraine, and, at least here in Chi-town, the cold weather.

But another key factor that is raising angst with us, especially with the Remote Worker, is the Cyber Threat Landscape. 

The reason for this is that, depending upon how much we tune into the news, you keep hearing about attacks every day.  Now, the newest one to come out and haunt our minds is the increased threat of Russian-based Cyberattacks, as tensions loom further over what is going to happen in that part of the world.

Also thrown into the mix is that employers, yes, actually believe it or not, seem to be taking Cyber Hygiene much more seriously now, and are reminding employees of that, and the consequences of not following the security policies. 

While this is of course a good thing, it has swung over to the other extreme:  Remote Workers are now too scared to touch anything on their devices, for the dire fear of being blamed if something goes wrong.  This has now become known as “Click Paralysis”.

This is starting to become a huge concern now, as the productivity levels of businesses have fallen while IT Security teams are doing their best to protect the digital assets of their employers.  What is now needed in Corporate America is a sense of balance between being secure and allowing employees to relax about things, so that they can get their work done and be productive.

So how can one embark on such a mission?  Here are some key strategies that any CISO should be following:

1)     Maintain a sense of transparency:

When we all worked at the brick-and-mortar offices before COVID19 hit, there was some sense of openness that was maintained, of course depending upon your boss. At least at the places where I have worked, I was fortunate enough to have that in my managers.  But now, with everybody working from home, and being in the digital world that we are in now, this level of transparency has, for the most part, disappeared.  True, we can still see each other on FaceTime, Zoom, Microsoft Teams, etc.  But it just isn’t the same anymore.  Somehow, managers across Corporate America are going to have to find a way to bring all of this back, as the notion of the Remote Workforce looks like it is now going to be a permanent fixture.  It has transcended all levels of the employer and employee relationship, even from the standpoint of Cybersecurity.  Employees don’t want to be scolded if they make a mistake; for the most part, we just need to be told what we did wrong, learn from our mistakes, and move forward.  So, it is in this sense that managers have to cultivate more of a friendship kind of environment, and most importantly, one that will foster a sense of deep trust.  At least from the standpoint of Cybersecurity, one way to do this is to have a hotline of sorts in which employees can report suspicious behavior to the IT Security team on an anonymous basis, without the fear of retaliation or job loss.  In fact, according to a recent survey conducted by PricewaterhouseCoopers (PwC), only 26% of the respondents polled felt that they could report an incident to their manager without the fear of reprisal.  Now, that is pretty bad, and this number has to improve greatly before a true sense of openness, honesty, and transparency can even evolve.  More information about this survey can be seen at the link below:

https://www.pwc.com/us/en/library/covid-19/survey-adopt-a-cyber-savvy-culture.html

2)     Employees are your strongest asset:

It’s in the news headlines all the time that your employees are the weakest link in your security chain.  They see and read about it, and by mistake, you probably reinforce it as well when you communicate with them.  Because of this daily onslaught, your employees are indirectly brainwashed into actually believing this nonsense.  So as a result, they are too afraid to try anything new, and if something does go wrong, they then blame themselves, which leads to more self-pity and decreased productivity.  The time to stop this is NOW!!!  You need to change this around by telling your employees on a constant basis that they are your greatest assets; after all, they are your eyes and ears when you are not around.  You need to tell them that it is OK to make a mistake, and that if anything does happen, your business can recover.  But of course, you have to strike a particular balance here as well, in that you do not want employees to purposely make mistakes by letting their guard down.  One of the best ways to do this is by having a good Security Awareness Training program.  Yeah, I know, we all have heard about this, but the moral of the story is that it should not be some boring lecture for one hour that your employees care nothing about.  Rather, you need to make it fun and competitive by instilling a sense of teamwork and togetherness.  In other words, you want them to come back for more training, and not the other way around.  This is one strong way in which to motivate your employees to have a stronger level of Cyber Hygiene.  In fact, include the concepts of Gamification in your training approaches.

My Thoughts On This:

Now more than ever, you need to rely on your employees to be that proverbial 6th sense for you, to help you keep an eye on those digital assets.  As I wrote about in yesterday’s blog, it all comes down to being proactive.

However, that does not simply mean that you go on a spending spree to buy new security tools and technologies.

Rather, it means instilling a sense of Cyber empowerment in your employees, by taking action on the steps detailed in this blog.  It also means recognizing your employees for a job well done on the Cyber front.

You don’t have to be lavish on the spending; even a gift card, or a reduced membership price to the local gym, can help the human spirit go a longer way than you have ever imagined.

Also keep reminding your employees that the Cyberattacker can be defeated.  It may not happen all at once, but over time, it will certainly happen as long as you make earnest efforts to maintain a sense of openness and transparency.
