How To Start Addressing Insider Threats in an Evolving Work Environment 

In February 2020, a Time Magazine headline declared, “The Coronavirus outbreak has become the world’s largest work-from-home experiment.” Over a year later, that experiment has been a resounding success for companies and employees who found abundant upsides to less rigid workplace expectations. With WFH and hybrid team structures trending in interest as companies evaluate how to make remote work an ongoing part-time or full-time option for employees, now is the time to consider what your new technology protocols are; from collaborative access to protecting against and addressing insider threats, looks like with the evolving work environment.

Moving forward, it’s clear that remote work is much more than a rapid response to a global health catastrophe. For many companies, it’s part of a flexible work arrangement that will define the present and future of work. According to a January PwC survey, “As a result, by design or default, most companies are heading toward a hybrid workplace where a large number of office employees rotate in and out of offices configured for shared spaces.”

Of course, this profound opportunity also comes with significant challenges that leaders will need to address in the year ahead. Particularly, cybersecurity, which is becoming a more pernicious and expensive problem every year, is more difficult to prioritize in a hybrid environment, especially when guarding against and addressing insider threats. In one survey of leaders managing remote teams, 20% of respondents reported a security breach caused by a remote worker. 

For leaders looking to optimize a hybrid workforce while guarding company and customer data, here are three best practices for supporting both priorities without compromise. 

#1 Prepare Remote Teams 

For most workers, cybersecurity is not a top-of-mind priority. They have their own responsibilities and obligations, making cybersecurity an often-forgotten business element that takes a back seat to more immediate responsibilities. 

However, a company’s cybersecurity capacity is often directly related to employee readiness. For example, phishing scams, which increased significantly alongside the pandemic, pose a heightened risk for remote workers. According to Deloitte, “47% of individuals fall for a phishing scam while working at home.”

While cybersecurity software will filter many of these malicious messages, some will inevitably make their way to your teams, and they need to be ready to respond appropriately. The same is true for less pernicious but equally destructive data management habits. 

Personal and professional technology is often interchangeable, especially when teams work remotely, which puts company data at risk. Similarly, vulnerable internet connections, device compromise, and a litany of other risks make it critical that companies actively and routinely train their hybrid teams in cybersecurity best practice. 

Collectively, employee negligence cost companies 11.45 million dollars in 2020, playing a central role in 2,962 of the 4,716 insider threat cases identified by IBM’s annual Cost of Insider Threats report. Preparing remote teams to identify and defend against the most likely threats improves teams’ defensive readiness in any environment. 

#2 Guard the Perimeter

Unfortunately, even the most well-prepared employees can still cause a cybersecurity incident when working remotely. 

For instance, 52% of employees say that stress causes them to make more mistakes, while 43% and 41% say they are prone to errors when tired and distracted. Even as companies slowly emerge from the COVID-19 pandemic, many people remain exhausted, distracted, and under immense pressure to perform. 

What’s more, bad actors within a company may be more tempted and empowered to steal company data, compromise IT integrity, or undermine data privacy compliance. Taken together, it’s obvious that companies need a solution to prevent trusted insiders from compromising cybersecurity and data privacy initiatives. 

That’s why organizations managing hybrid teams need to guard their perimeters with endpoint data loss prevention software that obstructs efforts to access or remove company or customer data from internal systems. This incredibly capable technology reduces risk by automating data security standards for on-site and remote employees, enabling cybersecurity leaders to stop data breaches before they begin.  

#3 Empower Cybersecurity Staff  

Even before the pandemic, cybersecurity staff were reeling. A 2019 survey of cybersecurity and IT professionals found that 65% were considering quitting their jobs because of stress, and a similarly high number were contemplating leaving the industry altogether. Today, those numbers are even higher as three-quarters of cybersecurity workers now feel burned out by the continuous onslaught of new cyberattacks and the expansive threat landscape created by the transition to a hybrid workforce. 

For 70% of cybersecurity professionals, the volume of alerts has more than doubled in the past year, with many handling more than 1,000 every day. This pace is unsustainable, and companies can empower cybersecurity staff by embracing automation to reduce the overall number of threats that cross their desks while continuing to protect against data loss. 

Specifically, automation can:

  • Monitor digital activity for signs of accidental or malicious data sharing or exposure
  • Reduce the number of cybersecurity threats, like phishing scams, that target employees
  • Prevent data exfiltration before a breach
  • Notify IT personnel of the more pernicious risks

New threats are continually emerging, and automation can help companies keep up without depleting or overwhelming their workforce in the process. 

A Closing Thought 

The hybrid workforce may be an inextricable part of the present and future of work. Still, its success will, in many ways, rely on the organization’s ability to empower employees to work from anywhere without compromising cybersecurity, data privacy, or regulatory compliance obligations. 

Ultimately, many organizations may not perfectly execute on this priority, but they can act with intentionality, and those efforts can and should start now. 


Source link

Isaac Kohen