7 Ways to Decrease Risk and Increase Resilience With Employees

July 20th, 2021

Innovation comes with new challenges. As employees are increasingly working remotely, the risk of cyber-attacks continues to rise. Prepare for future workforce trends by decreasing risk and increasing resilience of employees.  

Global workforce trends are evolving due to a number of factors, chief of which is the growing impact of technology on the workplace. Recently, this has accelerated due to the impromptu demands that emerged on the back of the pandemic.

In addition, the pandemic has brought a new reality to the fore: organizations are beginning to acknowledge that they must adapt to meet the changing needs of the global workforce and prepare for inevitable future developments and challenges.

Accenture’s The Future of Work report confirms that, after the incidents of the past year, going forward, the vast majority of workers prefer a hybrid model. And already, 63% of ‘high-growth’ companies have adopted this idea to enable productivity anywhere.

However, business founders and leaders should not lose sight of the fact that this shift away from traditional working practices to remote or hybrid models can create new security risks. It takes strategic leadership to decrease an organization’s risks. Leaders must build a cyber-resilient culture in their organizations by empowering employees with the right knowledge and tools.

1.    Provide Training and Support

One of the most noticeable impacts of the pandemic on work culture is how it accelerated technological adoption.

Research shows that current technological adoptions were meant to be implemented in the coming years, not right now. Microsoft CEO Satya Nadella puts it this way: “We’ve seen two years’ worth of digital transformation in two months.”

That is instructive and signifies that employees are rapidly acquiring skills of the future. In fact, some research estimates that skills that would only have been needed in five years are now in demand.

Recognizing these sharp changes, employers must take responsibility for reskilling their employees to help them adapt to new technologies.

Business leaders should provide the tools, training, and support that will help their workforce to navigate the fast-transforming landscape of work.

2.    Encourage Security Consciousness

Consciousness of risk is a strong deterrent to unwanted behavior. It is one thing to arm your business infrastructures with solid cyber defenses; that means nothing if your employees are not trained to recognize and shut down even the subtlest of risks.

After all, it took only a seventeen-year-old to hack into the Twitter accounts of global leaders, by convincing an employee that he worked in Twitter’s information technology department.

Fostering a culture of cybersecurity at the workplace begins with encouraging employees to think security first in a bid to achieve ‘herd immunity’.

Have a cybersecurity awareness program dedicated to consistently communicating how cyber risks threaten a business’s values and profitability.

Employees need to always be conscious of vulnerability points and how protection measures must be integrated into their daily work routine.

This happens not by instilling fear but by inspiring confidence, which comes from adequate knowledge and competence to recognize and mitigate risks.

3.    Interoperability of Security Operations

In the past years, many organizations have established security operations centers in a bid to consolidate and coordinate cyber threat detection and response.

So far, this has worked well except that the fast-growing popularity of remote and hybrid work models is set to transform security operations.

On the back of the pandemic, SOC workers have been scrambling to maintain visibility over suddenly expanding attack surfaces. The solution to this is to adopt virtual SOC (VSOC) solutions that automate threat detection and response.

VSOC solutions employ artificial intelligence and machine learning to detect and neutralize threats in real-time, even before analysts recognize such a vulnerability, as in the case of rising zero-day attacks.

Traditional security has been known to feature diverse tools and technologies, essentially detached from each other.

Therefore, antivirus software, firewalls, and VPNs work as separate security layers rather than as interoperable systems. Newer security technologies, such as Secure Access Service Edge (SASE), are breaking down this complexity by delivering converged, cloud-enabled security.

4.    Focus on the Endpoints

One of the top 10 cybersecurity lessons learned within one year of the pandemic is that ‘Virtual workforces make self-diagnosing and self-remediating endpoints a necessity.’

Remote/hybrid work puts a strain on cybersecurity asset management. Before now, it was relatively easy for IT managers to keep an inventory of assets, resources, and devices connected to a network.

Now, we are witnessing the rise of shadow IT as well as the threats and attacks that accompany such a deregulated practice.

IT departments need to double their asset management and endpoint visibility efforts to ensure that only accredited devices can access the organization’s systems.

Any device under the radar must be treated as high-risk and cut off from the network.

This can be enforced through risk-based authentication or other such zero-trust authentication tactics and technologies.

Mobile devices and IoT devices are the main culprits in endpoint security vulnerability.

5.    Practice Incident Response

There is a gap between theory and practice.

An employee might know what ought to be done when an account is exposed; actually doing what ought to be done is a different thing entirely.

To bridge this gap, you need to conduct simulations of cybersecurity incidents for employees to demonstrate exactly what they will do in case of an attack.

The purpose of Security Incident Response Simulations is to assess readiness, both of the workforce and the organization’s security infrastructure.

The simulations help you to recognize your own weaknesses and make strategic plans to strengthen defenses as required.

How to plan an incident response simulation:

  • Select a scenario based on possible threats, for example, what to do during a ransomware attack.
  • Collect relevant elements for the simulation and build the simulation model. The simulation must be realistic to foreshadow the implications of a real event to participants.
  • Invite participants and run the simulation.
  • Assess the performance of participants and the strength of the security infrastructure.
  • Plan improvements to strengthen defenses.

6.    Adopt Secure-by-Design Technologies

In the world of work, new technologies are emerging and current technologies are evolving from traditional offerings and approaches.

In light of this continuous transformation, business leaders would be better off prioritizing products and technologies that put cybersecurity first.

The world of work has advanced from an age that treated cybersecurity as a ‘feature’, rather than as an essential offering that must be integral to any organizational framework.

Therefore, as you encourage employees to think security first, you, the leader, must play your part by putting security top of mind in all your decision-making.

The next point shows why you must be strategic about implementing pervasive security-by-design.

7.    Don’t Treat Cybersecurity as a Problem to be ‘Solved’

If there were a definite solution to cybersecurity, it probably would have been discovered long ago. But there is no impenetrable or indestructible system.

The reality of this should make you take cybersecurity seriously and treat it as an ongoing challenge rather than simply an obstacle to be surmounted.

With every new technology, attackers find vulnerabilities to exploit the system. Attackers have even found a way to launch AI-based attacks that produce more devastating effects than traditional attacks.

AI-based attacks are more scalable, more sophisticated, and more effective at evading detection; so much so that only AI-enabled solutions can defend against them.

In essence, what is called cybersecurity is a continuously iterated, ever-evolving process of defending an organization’s technology infrastructure from attacks.

There is no ‘solution’. So, you must always be prepared for the next attack.

The most important factor in decreasing risk and increasing cyber resilience with employees is strategic leadership.

Equip your workforce with the tools they need to navigate the fast-changing world of work and build a pervasive culture of cybersecurity so that employees are confident, but not slack, in protecting the organization’s technology infrastructure.

Published in Human Concerns

About the Author:

Online Marketing Consultant, Joseph Chukwube is a Tech Enthusiast and the Founder and CEO of Digitage.net (https://digitage.net/) and Startup Growth Guide (https://startupgrowthguide.com/), result-driven content marketing and SEO agencies that help brands generate organic traffic, demand and exposure. He has been published on Tripwire, B2C, InfosecMagazine and more.
