Feelings of isolation among employees is the biggest concern IT and cybersecurity teams have around home working, say three in ten (31pc) of respondents to the latest Twitter poll run by Infosecurity Europe, the information security event series. Staff isolation is causing more worry than employees sharing devices with other household members, the top concern for 26.4pc, reduced vigilance (cited by 24.9pc of those replying), and the risk of clicking malicious links (17.7pc).
Nicole Mills, Exhibition Director at Infosecurity Group says: “The results illustrate that the welfare of employees – and the impact ongoing remote working is having on their security behaviours – is currently top of mind. Being isolated, while juggling work and all the other competing pressures generated by the pandemic, is likely to be affecting people’s mental health. Working at home also potentially distances staff from company security policies and the support of the IT team, making them more susceptible to letting their guard down, being overly trusting, or simply losing motivation.IT and security leaders must find ways of keeping employees engaged and firmly anchored in the company security strategy.”
Awareness training is key to sustaining connections with employees, according to Infosecurity Europe’s poll, with 39.2pc of respondents believing awareness training is the best way of mitigating remote working risk. This is followed by web and email security (28.1pc), endpoint protection (19pc) and identity and access management (13.7pc).
Comment
Steve Wright, CISO of Privacy Culture and Former Interim DPO Bank of England, says: “I would suggest that understanding where your risks are is more important than jumping into ‘solution mode’ with endpoint protection, for example. Organisations have not carried out a proper assessment about the whole impact of working from home, with respect to data, IT and general operations. This will differ by business operation, role and function, in addition to people’s home circumstances – such as whether they’re in a shared flat or their wifi speed.
“Once assessed, the necessary policies and procedures should be updated, and training and communications carried out to staff. Refresher training delivered via short videos and animation is necessary for the whole workforce. As well as easily accessible awareness training and guidance employees need more automation and dynamic support, with messages that say for example ‘this looks like it’s confidential, go here to protect it’.”
And Maxine Holt, Senior Research Director at Omdia, echoes the human factor: “Organisations need data protection, but also to ensure that the remote working environment is as secure as it can be. Remote employees don’t have the same ‘mindset’ as they would in the office – they walk away from laptops without locking them, set easily-guessed passwords on routers, or don’t apply updates to equipment. We’ve seen IT and information security functions provide great regular hints and tips for staying secure when working from home, improving awareness and education. This can also include support for mental health, as security may well decline if an individual is suffering. There’s definitely evidence of the boundaries of responsibility between information security and HR merging – and this is for the better.”
About the Twitter poll
Drawing 6,568 responses, the poll was during the week of February 8. Infosecurity Europe also interviewed CISOs and analysts for their views on the threat landscape. Infosecurity Europe, now in its 25th year, is due to run at Olympia, Hammersmith, London, from June 8 to 10, after the 2020 show was not able to go ahead due to the coronavirus pandemic. Visit https://www.infosecurityeurope.com.
Picture by Mark Rowe; the 2019 show floor.
