Protecting remote workers from cyberattacks requires a culture shift and new ways to guard against the 'weak link' of human behavior, experts say
- While companies adjusted to the technical cybersecurity aspects of remote work, it's not over yet.
- Organizations will have to build a workplace culture around security and compliance to stay safe.
- Cisco's Wendy Nather and Cloudera's Carolyn Duby tell Insider how companies can minimize cyber risk.
- The conversation was part of Insider's virtual event "Cybersecurity Trends: Prepare For A More Secure Future," presented by Cisco, which took place on Thursday, May 12, 2022.
Remote work is here to stay. While companies have adapted to the more technical parts of security during the work from home era, that may not be the only challenge.
Companies will have to build a new culture around workplace security and compliance to stay safe amid future threats, according to cybersecurity experts at a recent panel hosted by Insider on Thursday called "Cybersecurity Trends: Prepare For A More Secure Future," presented by Cisco. A new class of employees was thrown into the challenges of working remotely while many corporate policies weren't ready to handle it, and that has to urgently change to keep organizations secure.
In the future, companies need to understand how to adapt to a new culture where policies may differ across teams, Carolyn Duby, field chief technology officer at Cloudera, said. And the uphill battle may include some technical parts, but building a new culture of security ranks at the top of the list.
"As we look at the expansion of the remote workforce, we have to think about how we will go forward and how we will change the way that we work and the way that we train the humans because really the humans are the weak link," Duby said on the panel.
Beyond just avoiding clicking suspicious links in an email, employees need to prevent mental lapses that could unintentionally lead to significant security breaches, like a spreadsheet being visible through a mirror on a remote call.
"We all need to know, well, when people come over, you need to secure your laptop," Duby said. "Don't leave your doors open. There's a lot that we have to learn that we're not necessarily thinking about."
Those cultural shifts will have to be part of the new normal as the majority of workers plan to stay remote. Among those who have a workplace outside of their home, 61% of workers say they are choosing not to go into their workplace, according to a Pew Research Center survey of 5,889 respondents in February.
But of course, there will still be some technical challenges, too.
Because the shift to working remotely happened so suddenly, many employees logged in from their personal laptops or used home not-quite-that-secure WiFi networks. Companies are now playing catch-up to ensure employees are using the right tools, said Wendy Nather, head of advisory chief information security officers at Cisco, during the panel.
"People who were responding in the moment had to use whatever worked," she said. "So even if they had a corporate device, if it wasn't doing the job for them, they would just reach and pick up their phone or tablet."
Inevitably, it also comes down to building a culture of trust within a company. Instead of feeling forced to stick to archaic security standards, it will be more effective if employees are bought into a culture of protecting company information, Nather said.
"The most important thing in teaching users is building that trust with them and encouraging them to report things," she added. "Because if you start treating them as if you don't trust them, then you're going to have that antagonistic relationship."