Don’t overlook training when preparing for a new world of work
By Rob Rashotte
As important as the right technology is, end users — whether at home or in the office — are the front line of any security strategy.
By Rob Rashotte
The world changed for many organizations last March. Recently it’s become clear just how significant that change really was.
A global report we released this past Summer found that nearly two-thirds of organizations transitioned more than half their people to remote work — practically overnight. Not surprisingly, 83 per cent of them found this task to be moderately to severely challenging. This was especially true when it came to enabling secure connectivity, ensuring business continuity and keeping business-critical applications running smoothly.
Given these challenges, and the fact that many organizations expect more than half of their employees to continue working remotely full-time after the pandemic, it’s time to look to the future. Two facts are now clear. First, for employers facing a sizable work from home contingent, cybersecurity policies must permanently extend to include the home, and IT teams and employees alike must prepare for this new reality. Second, even for those companies with staff working mostly on-premises, it’s worth considering that cybercriminals are becoming more sophisticated, with the onset of COVID-19 making the overall cyber threat landscape even more dangerous. No matter where you stand on work from home, the risk of relying on out-of-date security solutions or policies is now more significant than ever.
The report found that IT teams are still working hard to close the security gaps, and 92 per cent are making the necessary budget investments. But as important as the right technology is, end users — whether at home or in the office — are the front line of any security strategy. They need more than the right tools. In fact, cybersecurity training may be more necessary than most companies recognize. Canada, like most other places in the world, continues to face a chronic shortage of skilled security talent, making hiring a difficult proposition. Demand was already high before March, but the onset of COVID-19 has made the demand for these skills even more urgent.
Here some practical suggestions for what organizations can do to get their people up to speed and taking the necessary steps to reduce the work-at-home risks.
First, get the basics right. To make this process as easy and inexpensive as possible, take advantage of free, third party third-party training programs like our Fortinet NSE Institute to help their workers become more aware of the threat landscape. Ideally, all workers should be able to identify and avoid opening suspicious emails, websites or text messages. Also, encourage employees to look at all the devices they use — including those they own and use at home — and ensure they are patched and up to date. Now’s also the perfect time to reinforce basic password practices.
Once that’s done, consider ways to make cybersecurity part of your working culture. Often IT teams are left to carry the security message alone. The risk there is that the message gets lost amid other day-to-day priorities, and may not convey how serious an issue it is. Take steps now to address that oversight. Make senior leaders — not just IT — the vocal champions of cybersecurity, reminding employees in clear communications that cyber hygiene is critical to the successful operation of the business and an expected part of everyone’s job description. If they need convincing, do a quick tally around the costs of extended downtime should networks become inaccessible to employees or customers and make sure leaders are aware of the risks.
Don’t forget to take into account the needs of your IT teams. Even if your work from home transition went smoothly, don’t take that to mean that they don’t require any additional training or support. People who enter this field are by nature eager to learn and are likely to seek out additional training opportunities wherever they can be found. Talk to them, understand what it has been like to support a large remote workforce, what it will require to maintain that long-term. The good news is that many of the same online training opportunities available to employees also have tracks tailored to technology professionals, meaning they can be customized according to specific needs and experience levels.
Finally, it’s recommended that organizations reframe how they view cybersecurity. There’s been a tendency to view security policies as restricting and they may appear that way in absence of context. But we know that organizations that prioritize digital innovation are seeing impressive results. COVID-19 may have affected timelines, but the digital transformation continues and for many industries, has greatly accelerated amid shifting consumer habits. Viewed in this light, cybersecurity can be seen for what it is — a mechanism for ensuring innovation does not introduce risks that could compromise the entire enterprise.
It’s only been six months since organizations took major steps to adapt to COVID-19 and many are still dealing with keeping things running smoothly. But with large scale work from home likely here to stay, it’s important for IT teams to step back and begin laying the foundation for long-term business success amid a new world of work.
Rob Rashotte is vice president of global training and technical field enablement at Fortinet.