Let’s face it, right now, we as Americans are facing a high level of anxiety and nervousness. A lot of this has been triggered by the huge upsurge in Omicron, the fears of inflation and of what the Fed is going to do, rising political tensions in the Ukraine, and, at least here in Chi-town, the cold weather.
But another key factor that is raising angst with us, especially
with the Remote Worker, is the Cyber Threat Landscape.
The reason for this is that, depending upon how much we tune into the news, you keep hearing about attacks every day. Now, the newest one to come out and haunt our minds is the increased threat of Russian-based Cyberattacks, as tensions loom further as to what is going to happen in that part of the world.
Also thrown into the mix is that employers, yes, actually
believe it or not, seem to be taking Cyber Hygiene much more seriously now, and
are reminding employees of that, and the consequences of not following the security
policies.
While this is of course a good thing, it has swung over to the other extreme: Remote Workers are now too scared to touch anything on their devices, for the dire fear of being blamed if something goes wrong. This has now become known as “Click Paralysis”.
This is starting to become a huge concern now, as the productivity levels of businesses have fallen while IT Security teams are doing their best to protect the digital assets of their employers.
What is now needed in Corporate America is a sense of balance between being secure and allowing employees to relax about things, so that they can get their work done and be productive.
So how can one embark on such a mission? Here are some key strategies that any CISO should
be following:
1) Maintain a sense of transparency:
When we all worked at the brick-and-mortar offices before COVID-19 hit, there was some sense of openness that was maintained, of course depending upon your boss. At least at the places where I have worked, I was fortunate enough to have that in my managers. But now, with everybody working from home, and being in the digital world that we are in now, this level of transparency has, for the most part, disappeared. True, we can still see each other on FaceTime, Zoom, Microsoft Teams, etc. But it just isn’t the same anymore. Somehow, managers across Corporate America are going to have to find a way to bring all of this back, as the notion of the Remote Workforce looks like it is now going to be a permanent fixture. It has transcended all levels of the employer and employee relationship, even from the standpoint of Cybersecurity. Employees don’t want to be scolded if they make a mistake; for the most part, we just need to be told what we did wrong, learn from our mistakes, and move forward. So, it is in this sense that managers have to cultivate more of a friendship kind of environment, and most importantly, one that will foster a sense of deep trust. At least from the standpoint of Cybersecurity, one way to do this is to have a hotline of sorts in which employees can report suspicious behavior to the IT Security team on an anonymous basis, without the fear of retaliation or job loss. In fact, according to a recent survey conducted by PricewaterhouseCoopers (PwC), only 26% of the respondents polled felt that they could report an incident to their manager without the fear of reprisal. Now, that is pretty bad, and this number has to improve greatly before a true sense of openness, honesty, and transparency can even evolve. More information about this survey can be seen at the link below:
https://www.pwc.com/us/en/library/covid-19/survey-adopt-a-cyber-savvy-culture.html
2) Employees are your strongest asset:
It’s in the news headlines all the time, that your employees are the weakest link in your security chain. They see and read about it, and by mistake, you probably reinforce it as well when you communicate to them. Because of this daily onslaught, your employees are indirectly brainwashed into actually believing this nonsense. So as a result, they are too afraid to try anything new, and if something does go wrong, they then blame themselves, which leads into more self-pity and decreased productivity. The time to stop this is NOW!!! You need to change this around by telling your employees on a constant basis that they are your greatest assets; after all, they are your eyes and ears when you are not around. You need to tell them that it is OK to make a mistake, and that if anything does happen, your business can recover. But of course, you have to strike a particular balance here as well, in that you do not want employees to purposely make mistakes by letting their guard down. One of the best ways to do this is by having a good Security Awareness Training program. Yeah, I know, we all have heard about this, but the moral of the story is that it should not be some boring lecture for one hour that your employees care nothing about. Rather, you need to make it fun and competitive by instilling a sense of teamwork and togetherness. In other words, you want them to come back for more training, and not the other way around. This is one strong way in which to motivate your employees to have a stronger level of Cyber Hygiene. In fact, include the concepts of Gamification in your training approaches.
My Thoughts On This:
Now more than ever, you need to rely on your employees to be that proverbial 6th sense for you, helping you keep an eye on those digital assets. As I wrote about in yesterday’s blog, it all comes down to being proactive.
However, that does not simply mean that you go on a spending
spree to buy new security tools and technologies.
Rather, it means instilling a sense of Cyber empowerment with your employees, by taking action on the steps detailed in this blog. It also means recognizing your employees for a job well done on the Cyber front.
You don’t have to be lavish on the spending; even a gift card, or a reduced membership price to the local gym, can help the human spirit go a longer way than you have ever imagined.
Also keep reminding your employees that the Cyberattacker
can be defeated. It may not happen all
at once, but over time, it will certainly happen as long as you take the earnest
efforts to maintain a sense of openness and transparency.