Featured Product
This Week in Quality Digest Live
Management Features
Sara Adams
Here’s how you can avoid making them
Stavros Karamperidis
Ships that diverted from their usual routes during the pandemic are cutting it fine to get back to China in time to restock
Torsten Schimanski
Benefits to students, employers, and industries do more than address the skills gap
Eliot Dratch
Responding to the organization in the mirror
Sana Kazilbash
Using tools like Autodesk Fusion 360, the CNC Enhanced course is facilitating inclusion in manufacturing

More Features

Management News
Is the future of quality management actually business management?
Sept. 16, 2021, at the Duke Energy Center in downtown Cincinnati
Morse has a long history with the center, both as a faculty researcher and for serving as the center's deputy director since 2010
Siemens introduces PCBflow, a secure, cloud-based solution for accelerating design-to-manufacturing handoff for printed circuit boards
Includes global overview and new additive manufacturing section
Tech aggravation can lead to issues with employee engagement, customer experience, and business results
Harnessing the forces that drive your organizations success
Free education source for global medical device community

More News

Don Cox

Management

Five Steps to WFH Cybersecurity

Businesses can’t afford to delay cybersecurity measures any longer

Published: Tuesday, May 18, 2021 - 12:03

Despite the high ratio of intelligent work-from-home (WFH) business professionals, the current cybersecurity landscape for that work model could best be described as disorganized and dysfunctional. Hackers have been busy exploiting these cyber risks, as evidenced from the reported 300-percent increase in cybercrimes in just the first quarter of 2020.

In the more than 791,790 cybercrimes reported throughout 2020, the total losses exceed $4.1 billion. For small or family-owned businesses, losses from a cyberattack could be unrecoverable and have ripple effects for years to come. The swift shift to remote work at the onset of the Covid-19 pandemic only exacerbated flawed and often stop-gap cybersecurity plans. Now, more than a year into virtual work for many Americans, it’s clear businesses can’t wait any longer to fully invest in cybersecurity for team members, programs, and education as WFH is here to stay.

In March 2020, Covid-19 caught nearly every company, large or small, off guard, as they sent their employees home with little notice and no real plans. With more than 50 percent of the workplace remote, this change without proper protections and guardrails is a recipe for disaster. In this shift, employees began using personal computers, home networks, and unprotected company-issued technology—all of which are massive cyber risks.

The quick and unexpected switch to a mostly remote workforce meant new software, hardware installations, and rollouts weren’t properly deployed or installed. Plus, IT departments scrambled to conduct and complete security audits and develop procedures.

As vaccinations become widely available and case numbers trend downward, leaders must make important decisions about remote work indefinitely. While deciding between hybrid work models or a phased reentry to the office, cybersecurity teams must lead the charge to keep company data safe during these changes.

At this point, companies have figured out a game plan for continuing to operate, but it’s worth considering if there are stronger, more efficient, and more sustainable ways to securely continue virtual work.

After 25 years in the industry and working in numerous companies, these are the five steps I strongly urge business leaders to take to boost cybersecurity as WFH continues.

Invest in web-based applications
Instead of wondering who might have access to company data, secure it exclusively through web-based applications. This setup allows companies to fully control access and provides another level of required verification to stop hackers from gleaning data. There are countless types of software, services, and applications that could apply to different businesses or industries, but every business should look carefully at their potential access points and investment in shoring up any vulnerabilities. This could save thousands of dollars in the long run.

Create clear, communicated policies
The initial frenzy of the pandemic has passed, and it’s time to look at WFH measures with intention and for sustainability. To secure company data, companies must create clear policies about software updates, information storage methods, password protections, and more, and communicate them to employees. Taking these policies one step further, they must enforce sanctions if the policies and procedures aren’t followed. This shows employees the seriousness of cybersecurity and provides a clear incentive to follow the policies moving forward.

Cybersecurity measures must come from the top down
Company leadership has to be fully invested and vocal about its support of cybersecurity measures. Employees will emulate what they see leadership doing and value what they value, so ensuring the CEO, board of directors, and managers have bought in to the measures is critical.

All team members are cybersecurity team members
Regardless of what department or job title someone has, all employees must see themselves as a valuable member of the cybersecurity team. A data breach affects the whole company’s ability to function and remain profitable, so all employees should be educated and trained on security measures within their own roles. IT departments can help with this by being visible within the company, present at work events, helpful in assisting with issues, and relating potential vulnerabilities to the employee or project at hand.

Institute advanced training for IT teams
IT teams must think beyond a standard checklist and look at the whole environment of their companies. By understanding the normal patterns of employee behavior, cadence of emails, and more, cybersecurity professionals can detect anomalies in the company’s network environment and quickly work to secure them. A personal tactic of mine in training IT teams is taking deep dives into notable hacks and cybercrimes. It’s been said, “There’s nothing new under the sun,” and cybercrimes are no different, so recognizing the patterns of vulnerabilities gives teams insight for where to strengthen protections and mitigate damage.

For companies planning to head back into an office environment, there are new challenges to consider as employee’s home networks and personal devices intermingle with company networks and devices. There are several potential solutions to this, including having employees wipe the memory from personal computers used during remote work; issuing new company-owned devices; or creating a drop-off system for devices to be prescanned by the IT department before employees return to the office. All these solutions offer advanced protection, but also come with tradeoffs for the amount of time, money, and effort required.

As industry has from the very beginning, cybersecurity will continue to evolve and protect the people and information that are most important. It is imperative for company leaders to take cybersecurity seriously in workforce logistics, and for cybersecurity professionals to hold a valuable seat at the table to guide us forward safely.

Discuss

About The Author

Don Cox’s picture

Don Cox

With a Master of Business Administration, Masters of IT Management, Graduate Certificate in Chief Information Officer Competencies, CISM, Security+, PMP, ITIL, and other computer forensics and industry certifications, Don Cox is the Chief Technology Evangelist at CIBR Warriors. Cox serves as an Executive Member for CyberTheory.io and CyberEdBoard Community. As a leader, innovator, and motivator, Cox is known for his vast knowledge across many technology domains.