Resilient Cybersecurity Policies for a Cybersafe New Year
As the year 2020 fades away, we have no doubt that many of the articles and discussions reviewing the impact of the COVID-19 pandemic will focus on the dramatic changes to the way we work, shop, and socialize. The most obvious change in our behavior is our complete dependence on technology for activities we once took for granted like commuting to the office, going to the mall, and meeting friends at a restaurant. For many of these normal activities, the changes brought on by the pandemic will be long lasting, if not permanent.
What may not get the focus it deserves is the critical role of cybersecurity. And, how we each need to change our thinking and behavior to be “cyber ready.” With so much of what we now do conducted online, the pandemic has accelerated the need to secure our businesses and our personal lives. We have known for some time that we need to do a better job protecting our institutions and individuals from hackers and other bad actors, but that need has become more urgent. More than ever, we face significant cybersecurity challenges. If you doubt the need, consider the huge increase in ransomware and phishing attacks since March targeting small businesses, municipalities, schools, and health care facilities. At the Cyber Readiness Institute (CRI) one global company we work with reported a 300 percent increase in phishing and ransomware attacks on the companies in their supply chain.
During the initial months of the pandemic, many companies had to focus on business resiliency and continuity, so they relaxed security policies to help individuals work efficiently from remote locations using whatever devices were available—sometimes business-issued computers and phones, but often a combination of personal and work devices.
Now, companies of all sizes are facing the realization that there is going to be a more permanent “new reality” to the workplace. Many companies are only sending a small percentage of their workforce back into the physical office, which means a hybrid work environment–where some employees work from home, some from the office, and others will shuttle between the two–will become the reality.
This reality requires companies to develop and implement resilient cybersecurity policies that address the hybrid, remote-office workplace. It is critical to replace those relaxed security policies with the development of policies that ensure equal security across all work environments.
Over the last three years, CRI has been helping small and medium-sized enterprises (SMEs) establish secure policies and procedures, and more recently for this hybrid environment. We emphasize the importance of human behavior as the foundation for security.
Here are some changes we’ve seen during the pandemic that will help all organizations become cyber ready:
- Companies are now forced to have strong security policies that each employee can follow, regardless of their work environment
- The increase in ransomware and phishing means that strong authentication policies for all businesses must be in place and easily understood and applied by all employees
- Establishing security requirements for all businesses in supply chains is now more important than ever. The vulnerabilities of our global supply chains have been exposed throughout the pandemic and large companies need to be doing a better job of helping the small businesses in their supply chains be more secure.
- With workplace flexibility and a hybrid work environment, creating a culture of cybersecurity is critical and urgent. Businesses need to understand that educated and trained employees can be a force multiplier for security
Here’s to a cyber safe New Year!
-Kiersten E. Todt, Managing Director of The Cyber Readiness Institute, and Christopher G. Caine, President of The Center for Global Enterprise