Is technology changing how we work, or is work changing how we use technology? Regardless of the cause, remote and hybrid working is now the norm and with a potential four-day week on the horizon, it’s clear organisations can no longer rely on a centralised network to provide their people and customers with the required level of support or security as before.
The rapid move towards remote and hybrid working has exposed IT systems to a host of new, and previously unconsidered, security challenges. Organisations are now only as secure as their weakest point which can expose systems to a range of potential threats. The urgent need to safeguard personal data and enhance cybersecurity activities should sit at the heart of all organisations’ security strategies for the future.
Recent increases in data breaches and cyber-attacks, both on private and governmental organisations, globally have highlighted the greater demand for comprehensive cybersecurity strategies. The pandemic has shown how the workplace can, and needs to, adapt to decentralised working without decreasing the level of accessibility, security and data protection.
Cybersecurity Challenges at the Heart of Digital Transformation
The pandemic forced the hand of many organisations and posed various challenges to cybersecurity for how employees access, share and work with data.
The sudden lockdown measures meant cyber security managers had to meet the technology demands of a WFH set-up at short notice. With limited procedures and policies in place on how to manage cybersecurity for remote workers dealing with customer data.
It also demonstrated that there was no ‘one size fits all’ solution to those problems, which varied from team to team. Part of the reason why IT departments struggled to monitor, protect data and mitigate cyber risk initially was the lack of industry standards on how to navigate and protect sensitive data.
Personalising the approach to building a human firewall
It’s not just down to the technology. A tailored approach that assesses the level of cybersecurity knowledge within an organisation on a case-by-case basis can help decision makers better understand the current gaps in data safeguarding and the effectiveness of existing operational practices.
Senior leadership may, in all likelihood, find a personalised approach will allow them to identify where additional training may be needed for individuals and key stakeholders.
Ongoing employee training is consistently identified as a key driver in enhancing cybersecurity, regardless of industry or sector.
An employee who completes regular training on how to use technology securely is less likely to make poor decisions or find a workaround which could put an organisation at risk. This approach can also help when it comes to gaining employee buy-in, through clear communication and the offer of professional development.
A well-managed cyber security strategy
While on the frontline of defence, IT departments cannot stand alone in providing the resources and solutions being called for. They need metrics, they need collaboration, and they need organisational buy-in.
Ricoh’s Leading Change at Work report, identified a set of general actions companies across different industries can take to start building their digital transformation strategy and cybersecurity policy. Here are some top-line recommendations which could serve as a guideline and ease the framing of operational gaps.
- Revisit strategic objectives for IT departments as digital transformation and security are the lifeblood of business continuity
- Adopt a layered approach with defence in depth
- Move from reactive approach to proactive with 24/7/365 monitoring and threat hunting.
- Get employee buy-in through training and communication can help protect data by reinforcing good practices
- Policies need to be built on a personalised foundation and joint effort between robust IT teams with an in-depth technical understanding of vulnerabilities and senior managers who understand the specifics of the mitigation strategy
It’s been a steep learning curve for many, but with the way we work continuing to evolve at a rapid pace we need to be able to pivot and adapt to meet security needs.