Cybersecurity experts have often claimed that employees are the weakest link in an organisation’s information security defenses. But is this actually the case?
While much time, effort and resources have been expended on security software and hardware to try and keep threats from reaching employees, the fact remains that they can’t stop everything.
Employees are frequently cast in the role of the weakest link because they are seen as a means to circumvent many of those hardware and software security measures.
It’s understandable why people should think like that. Tricking an employee to click on a link that launches an attack inside the company defences, for example, requires less technical knowledge than trying to break through the walls from the outside.
There is a danger that focusing too much on technology and automating security ignores the critical role that employees have to play in your security strategy.
In recent years, the term “human firewall” has been used to highlight the crucial part employees play in protecting companies against cyber threats.
Remote workers are on the frontline
To a certain extent, it was theoretically easier for organisations to lock down employees from a security perspective in traditional office-based workplaces. Access to external sites could be restricted from inside the network. Downloads to desk-based devices could be controlled and quarantined using corporate security controls.
With nearly everything controlled, monitored and secured inside the corporate network, it was easy to forget that employees still had a role to play in the security strategy.
The rise in the popularity of phishing and social engineering attacks served as a timely reminder of how important they could be.
The migration to home working during the COVID-19 pandemic moved large numbers of employees from inside the company fortifications to lightly protected workplaces outside.
Those isolated home workplaces created hundreds, possibly thousands, of points of entry for cyber criminals on a new corporate frontline stretching far beyond the original company walls.
Businesses have used a number of technologies to extend their security to those new workplaces, such as unified endpoint management, access controls, automated patching and updating and cloud-based security services.
Power to the people
Technology is important, but what about the human element?
Think of the employees who spent all their time in an office that suddenly turned into remote workers overnight. Work invaded their home, took it over to some extent.
Their workplace changed, their work patterns were disrupted and they found themselves using different devices.
Their security profile also changed. This presented a challenge to businesses. Many struggled to train employees and maintain awareness of their security policies when the workers were inside the company. How much more difficult is it now their employees are remote?
Communication is far more important when employees are isolated from the business; where socialising with colleagues in the office has been lost, replaced by video calls and emails.
Isolation can be demotivating and dangerous. It makes sense to try and engage remote employees and encourage interaction. Without it, they could be more vulnerable to cyber attacks.
A potential benefit of dealing with remote workers is it could be easier to schedule and deliver security training and awareness to dispersed workplaces. Without the need to gather your employees into a specified room or location, it can be easier to get their participation for a set time.
Their experience of working remotely should also make them more comfortable participating with distance training, learning and company communication via video.
If anything, training and awareness could be even more significant now so many employees outside the company walls. Technology can automate and deliver a very large part of your workplace security but the human element is still very important.
We can help you address the wide range of cyber risks your business faces and provide the communications you need.