In the last year, we learned how easy it can be to work remotely. But new challenges, particularly around security, have changed what it means to manage remote teams. Ransomware attacks and other data breaches have become more costly and, aside from the financial damage of these attacks, the long-term reputational damage could be enough to force closure.
In many of these cases, the mistakes come down to failing to follow some of the most basic security principles, like using a strong password or not clicking on links from unknown sources.
To overcome these challenges, leaders must instill a culture of security that values communication, adaptability, and flexibility. While there is no silver bullet to solving security challenges, by fostering dialogue between IT security teams and the rest of the company, you can increase your defenses and reduce risk.
Admit It — We Have a Problem
Evolving threats require constant attention, but many businesses can fall way behind on security education for employees. A recent survey on shadow IT that we conducted of 400 remote workers across the U.K. found that nearly a third had received no security training in the last six months, and that this lack of communication resulted in other risky behavior, like using unapproved software and hardware on company devices.
This represents a serious disconnect between IT and the rest of the company, particularly around the risks employees face.
Now that employees are working from home, they’re no longer protected by company firewalls and may be relying on a personal device that lacks security software. With the potential for lowered defenses on devices, communicating what to do when employees encounter a potential hazard can help stop an attack before it happens. Phishing attacks, in particular, can lead to ransomware, data theft, and the spread of malware, and are constantly evolving to infiltrate organizations.
It’s the job of leadership to facilitate open dialogue across the organization around security scenarios that employees may encounter. By embedding security into the culture, every action teams take, from sending emails to sharing important data, will be more secure.
Adapt to Employees’ Reality
Shadow IT — or the use of unauthorized hardware, software, and other cloud tools — thrives when employees lack the tools or guidance they need to do their job. While it may seem innocent, shadow IT can be the source of back doors into company data, and its persistence means we should adapt our security policies to the way employees actually work.
Maintaining a separation between work life and personal life on employee devices is important for more than mental health. Not only are unmanaged applications less likely to be patched, but they also reflect poorly on the organization, suggesting the IT team isn’t willing or able to manage potential risks.
Regular audits of the hardware and applications employees use can help spot potential risks before they get worse, or point to areas management should invest resources in. For example, if employees are using multiple communication apps to talk with each other, reining these conversations into a single, managed source that is already in use can reduce friction between security and productivity.
Different departments within the organization may have different IT and work needs, and this means a one-size-fits-all solution won’t always work. Leaders of remote teams should work to understand the needs and limitations of each and tailor security plans to reflect reality.
Make Security Part of the Culture
Baking security into an organization’s culture takes time, but the best first step is simply talking about the risks, priorities, and deficiencies of the current security program. Developing and following a flexible framework that includes frequent security awareness training and updates from IT teams can go a long way in ensuring security stays top of mind for employees and in embedding key concepts like strong passwords and procedures for sharing sensitive information.
As remote work continues, it’s the responsibility of team leaders and executives to set an example for solving communication breakdowns and make space for all voices to be heard. When employees feel empowered to come forward with questions or voice frustrations about security policies, that creates a culture where openness and transparency can proactively solve security challenges.
Maintaining security is a never-ending job but one that’s made harder when a lack of understanding and communication leads to avoidable risks. While IT security teams will always be the main defenders against cyberattacks, leaders should recognize their own role in security and use their position to foster dialogue, cooperation, and understanding.