Why we need to build trust and security during and after Covid-19.
If you’re a business, here’s something important to factor in. It doesn’t matter how well you communicate your message. If your systems aren’t secure, there’s a breach in trust. And that’s going to affect your message.
Systems security – both in your technology and in how your people use it – is the foundation for building trust with the world. It’s the foundation for building trust with your marketplace, and it’s the foundation for building trust inside your company.
And now, in the Covid-19 era, where you’re not in the office, but working from home, building trust is more important than ever. How do you know if your colleagues or staff are doing the work they’re supposed to, following all guidelines and rules? Lack of trust equals lack of security, which is a risk for your company.
According to Sam Curry, Chief Security Officer at Cybereason, there are several major Cybersecurity risks when working from home. How do we build both trust and security? First, let’s talk about building trust. Then, we’ll talk about security.
5 simple steps of building trust:
- Acknowledge and challenge stress
Working from home is not always a piece of cake and can be stressful, especially with the entire family in the same space. The importance is not to ignore the stress and instead, work with it. Keep a bit of dialogue going with your colleagues to support one another. Use active listening. And use tools like the SMART model for setting goals that keep you aligned: Specific, Measurable, Attainable, Realistic, and Time-Sensitive with a deadline.
- Communicate often
Thorough and frequent communication is one of the easiest ways to create employee loyalty and trust. People want to know what the company is doing, where it is going, and how they are impacted. Gallup polled 2.5 million manager-led teams in 195 countries and found that daily communication with direct reports measurably improved workforce engagement. Via Inc
- Show vulnerability
No one is perfect and we all make mistakes. But we don’t like to show them. If one person shows their vulnerability, emotions, and mistakes, it’s easier to get other people to share and through that, build trust.
The most emotionally connected leaders let their employees know they need their help to build the best organizations possible. – Simon Sinek
- Set agreements instead of expectations
It’s easy to “expect” your colleagues or employees to do work in a certain way, finish certain tasks or communicate on projects. But unless there is an agreement in place, those expectations can be easily misunderstood and breach whatever trust was there.
- Take responsibility
Show and take responsibility for your actions and its impact. Working from home can cause a loss of motivation and focus and distractions will be plentiful. Be honest with yourself and your colleagues about your situation and recognize your responsibilities.
So, now that we’ve practiced trust, we also take the steps of being secure. Lack of security can in a company is disruptive and can decrease trust in the company. We’ve helped a number of businesses make sure their staff’s home environments are secure workspaces quickly since the pandemic arrived.
A 6-point checklist for improving your work-from-home security program
Your company’s tech strategy should provide the same amount of security for your business whether you are in office or 100% remote.
You want to address cyber security issues at every level. The lion’s share of cyber security problems we see are due to human error, and preventable.
“It’s easy to think of hackers as masterminds that can crack the toughest defenses, but more often than not, hackers are just waiting for the everyday user to slip up. As it turns out, the everyday user slips up very often. In fact, 95% of data breaches can be attributed to human error. Human error can come in many forms, like accidentally clicking a phishing link, cloud misconfiguration, business email compromise, poor patch management, or an error in user privilege.” – Cybint Solutions
And with this being true whether the worker is in the office or at home, remote working certainly introduces additional security issues.
Sam Curry points out in Entrepreneur, “we’re dealing with everything from childcare to simply trying to find a quiet space for a call or to get work done. Our homes have become our offices, and in the rush to keep things going, we’re using new systems and adhering to security policies in a way that’s spotty at best.”
This 6-point checklist will help you determine if your cyber security is up to snuff for modern conditions – especially remote working – and give you insight into places you can improve your security.
- Make sure your entire staff knows your security plan.
Your company may have a great security plan that covers your network, equipment, and data, but does anyone besides your IT department know that?
How do you make sure everyone knows, understands, and can comply with this? The most important factor here is: Communication. Communicate with your employees on the various security plans, regulations, and updates.
- Create a safe plan for when your workers must depend on their home hardware, software, and systems as well as shared space and equipment, to protect privacy and information.
Whose equipment do your home-based workers use? Do they need to rely on their own computer? What antivirus program do they have? As Sam Curry says, “Business is being done over home ISPs, with unmanaged routers and printers, home automation systems in the background and even partners and children listening in on conversations or sharing machines while working for different organizations.”
How good is your workers’ home ISP? If it’s patchy, that lack of steady signal can put security programs at risk and create a breach. “Antivirus and detection tools need a constant network connection to remain effective at blocking attacks.”
- Make sure your employees are aware of the Do’s and Don’ts when working with collaboration apps.
How reliant are your workers on collaboration apps? Make sure your employees are aware of the Do’s and Don’ts when working with these apps. What are the risks of breaching security? What can be shared and not? Many apps allow you to share your content to other channels. Make sure there are clear guidelines and rules regarding using any third-party apps.
In Security Magazine we learn that “Attack surfaces have expanded during the crisis through employee reliance on collaboration apps. These tools are increasingly in the cross-hairs of malicious parties and have less than adequate patching protocols. In fact, vulnerabilities have forced organizations such as Google, SpaceX, and NASA to ban employee use of such applications to reduce their risk of more sophisticated breaches. Morphisec Labs researchers discovered one such flaw in the Zoom application in April that enabled threat actors to record Zoom sessions without the participants’ knowledge.”
- Train your staff to question sources and not respond to inquiries or emails that may be malicious.
How well-trained is your staff about phishing, for example?
In a remote working situation, with home-based distractions and less in person collaboration, staff may have a lower level of awareness about what’s safe to respond to and be more likely to introduce a breach due to phishing. That means we need to rethink our mindsets and approach to security right now.
“Because of phishing or fraudulent emails, we see things like the exploitation of a worker who responds to an email that appears to have been already authorized by their boss, but it wasn’t. Innocently, they think they’re pleasing the boss and doing their job. This can be hugely dangerous and costly. Employees need to become a little more wary, a little more questioning.” – Phil Neuman, CEO CyAs Tech
The best way to remedy this is through security awareness training. You want to educate your people to question and not automatically trust. To stop, and think ‘why should I do this?’ Our motto: ‘Think before you click!’
We have a few resources who provide staff awareness training that teaches employees to be suspicious in a good way. Employees don’t always want to spend time learning to be cyber-secure, but this kind of training pays dividends and is a lot of fun when it’s in a gamified format. Much of the security training we provide uses that game-like approach.
- Create a culture of awareness and collaboration.
As we mentioned in the beginning of this article, safety lies in creating a company culture where everyone is well-trained about the company’s policies and protections as part of the overall camaraderie and collaborative spirit. It’s typically this camaraderie that brings about the best work product.
- Get an assessment of your system so you know if your systems are susceptible.
If you’re not sure about the quality or dependability of your strategy or IT setup, call us at CyAs Tech for an assessment. We’ll make sure you’re prepared for the current cyber security issues you need to address.