IT experts: Head off lax cybersecurity habits from remote work before reopening the office

In the last year, the workforce had to make major adjustments to navigate the COVID-19 pandemic. While many workers were able to shift to a remote working model, this has created serious consequences according to IT and cybersecurity experts. A new report released by Tessian shows that a third of employees picked up bad cybersecurity habits and behaviors while working from home.
It’s critical that employers address these issues as employees transition back into the workplace. Breaches to security can have costly impacts on businesses. It’s estimated that cybercrime will cost the global economy $6 trillion in 2021. This problem is expected to get even worse and is estimated to reach $10.5 trillion by the year 2025.

Addressing the most common cybersecurity risks

Fortunately, there are plenty of solutions to help employers reduce their risk and keep their data and information safe from criminals. Based on the Tessian report, these are the most common concerns that IT professionals have and what companies can do to address them.

1. Include IT in return-to-office discussions

As your company plans for employees to return to the office, you must involve all of the right people. One group that is often forgotten is IT. The IT team can help spot concerns or risks for the organization. They can also help you write the appropriate policies and procedures for device use, network security, and cybersecurity training.

2. Control personal device use

It’s difficult to control how employees work when they are away from the office. The report noted that there has been an increase in the use of personal devices for work activities in the last year. Since personal devices aren’t regulated like company-issued devices, they often have outdated virus and malware protection or are used to also access unsecured networks or sites. About54% of IT leaders have concerns with employees bringing infected devices into the workplace and connecting them to the company network. This seems to be a valid concern since 40% of employees stated that they plan to bring personal devices with them when they return to the office.

To address this, employers should establish a policy that regulates the use of personal devices in the workplace. Employers can also consider reevaluating the equipment that they issue to employees. In some cases, employees may switch to personal devices that are of better quality or have fewer restrictions (For example, the employee may prefer to work on their personal iMac than a company-issued Dell laptop).

3. Make safe cybersecurity practices a condition of working remotely

While some employees may be returning to the office soon, many will continue to work remotely on a full-time or part-time basis. In fact, 90% of organizations plan to implement a hybrid model that blends remote and return to office work modes.

For these situations, businesses should establish guidelines that make safe cybersecurity practices a condition of working remotely. Employees who don’t follow the rules could be asked to return to the office full-time. These guidelines could include staying current on cybersecurity training, always utilizing VPN when connecting to company systems, or zero instances of a cybersecurity breach. 

4. Require refresher cybersecurity training

Returning employees to the workplace is the perfect opportunity to provide them with refresher training on cybersecurity best practices. In some cases, they may not even be aware of behavior that puts the company at risk. They might not know that their personal device’s antivirus software is out of date or the risks associated with connecting to the public Wi-Fi at Starbucks.  

5. Create a safe environment to report cybersecurity threats

Employees are an important line of defense for companies when it comes to data security and system integrity. Unfortunately, many employees don’t feel comfortable bringing mistakes or concerns to light. Tessian found that 27% of employees feared disciplinary action or being required to take additional training if they reported cybersecurity issues.

 

While it’s important to address these concerns, be sure that your company isn’t sending the wrong message to employees. Make sure that you create a safe environment for them to report potential threats to the business without fear of retaliation.

6. Evaluate business travel guidelines

As travel restrictions ease, IT experts are expecting cybercriminals to target business travelers by disguising themselves as travel agents, hotel or airline employees, or company executives. To make matters worse, business travelers are the most vulnerable as they connect to hotspots in airports, hotels, and public transportation. 

 

Providing special training to employees who travel frequently or providing them with secure options to connect can help mitigate this risk. 

7. Test your cybersecurity program

Phishing attacks are the most prevalent type of cybersecurity breach.The FBI reported that instances of phishing have doubled in the last year. The majority of IT leaders believe that this number will continue to increase as people return to the office. 

 

In addition to training employees, you can also test your own systems. There are companies and software that specialize in this type of evaluation by sending employees fake phishing emails. The company then receives a report that outlines the areas of risk and how to improve them.