It should come as no surprise to any employee, manager or business owner that remote and hybrid work models are here to stay. While the future state of the global pandemic remains uncertain, many businesses have proven that they are resilient and can operate efficiently while employees are not physically working in the same space. With this innovation, though, comes one pervasive and unignorable challenge: cybersecurity. As a business owner, you may have had secure and trustworthy cybersecurity solutions already integrated into your office IT network. But with employees working remotely and using personal devices, a more robust cybersecurity plan must be implemented to match the shape of your office’s unique working model. This doesn’t just mean investing in new technology, it also means educating your employees on best practices when working from home.
So, what can you do to increase your employees’ cybersecurity know-how in the new working landscape? CDW Canada’s team of dedicated experts are here to help businesses ramp up their cybersecurity tools and have shared some key observances as businesses continue to transition to new working models.
The threat landscape in cybersecurity and the vulnerabilities that businesses face
Before we get into the nitty gritty, it is important to get an overview of Canadians’ current understanding of cybersecurity and what businesses are doing to address contemporary cybersecurity concerns. CDW recently commissioned a survey in partnership with Angus Reid to analyze the sentiment of IT security in regard to the impacts of the global pandemic on business and the future of work. The findings offered valuable insight into the threat landscape in cybersecurity and the vulnerabilities that businesses face in today’s increasingly digital world. This is especially important as we continually develop what the future hybrid workplace may look like in Canada.
The survey found that Canadians are experiencing a wide range of cybersecurity concerns with 67 percent of working Canadians citing data leakage, identity theft and/or hackers, 66 percent citing malware and 58 percent citing phishing scams as their top concerns across devices. Despite the awareness of cyberthreats and a general understanding of cybersecurity, many working Canadians still do not take device protection seriously. This is a major issue for businesses with remote and hybrid work models as it costs both time and money to resolve individual cybersecurity issues that fall outside of the physical office’s IT network. Perhaps more concerning is the possibility of a business’ confidential and proprietary information being compromised.
It is vital that organizations address cybersecurity concerns and identify potential threats proactively rather than reactively to avoid costly consequences. Ongoing cybersecurity education, protecting personal devices and improving day-to-day cybersecurity hygiene habits are essential to minimizing vulnerabilities when overseeing hybrid and remote work models. How, then, should a business be proactive? It all begins with the employees.
Invest in employee’s cybersecurity education to instill best practices
Businesses’ first line of defence are their employees and it is essential that they understand how to best protect themselves. Investing in employee education to instill best practices has become imperative with the rise of remote and hybrid work environments. Despite the increase in cyberattacks over the course of the pandemic, only 51 percent of working Canadians indicated their organization had prepared employees with security education prior to the remote transition. It is no surprise, then, that only 53 percent of working Canadians believe there is a positive correlation between their organization’s cybersecurity posture and their ability to effectively do their jobs. These numbers are concerningly low, especially as cyberattacks increase in scope and sophistication. Cybersecurity education for employees must consequently be treated as an essential aspect of employee training both during and long after the pandemic.
An often overlooked, but ubiquitous area to introduce employees to basic cybersecurity measures is personal devices. Naturally, when working from home, people integrate their personal devices into their work. The convenience of cross-platform integration between smart phones, tablets and computers can often overshadow the vulnerabilities of these personal setups.
CDW’s latest data shows that regular review of cybersecurity and privacy settings on personal devices remains a challenge for working Canadians. Concerningly, a mere 41 percent of Canadians review their cybersecurity and privacy settings on their personal devices once per year or less, with 15 percent only doing so upon setting up a new device and five percent having never reviewed this. For the 26 percent of Canadians who rarely or never review their cybersecurity or privacy settings, their cited reasoning is not having thought about it and not knowing how. This indicates that there is a tremendous lack of education surrounding basic privacy settings and their implications on personal devices. It is vital that employees are aware of the significant risks that come with not reviewing cybersecurity and privacy settings on personal devices, and that this can have a negative impact on their workplace’s security posture as a result. Considering the pervasive use of personal devices in employees’ professional and personal lives, education in best practices for personal devices is a necessary foundation on which to build upon more comprehensive cybersecurity hygiene.
Emphasize day-to-day cybersecurity hygiene and adopt multi-factor authentication
From there, placing an emphasis on day-to-day cybersecurity hygiene is a natural next step for employees to gear up their cybersecurity. Day-to-day cybersecurity hygiene is all about routine and process, just like physical hygiene. This process trains people to think proactively about their cybersecurity posture in order to mitigate any potential risks or security issues. This includes integrating the process of using unique passwords and passphrases, frequently changing those passwords and passphrases, and having separate sets of login information for applications, devices and networks.
The survey results also show that while the majority of Canadians use unique passwords or passphrases for their devices – 77 percent for phones, 78 percent for computers and 75 percent for networks – only 65 percent say the same of smart devices. This leaves nearly one quarter of working Canadians at risk. This links back to properly managing privacy settings on employees’ personal devices. Using and refreshing unique passcodes and passphrases is the next layer of best practices. This is particularly important as the survey results indicate that 10 percent fewer Canadians are using unique passcodes and passphrases to protect their phones, computers, networks and smart devices than they were in October 2020. These numbers are quite concerning and need to be addressed proactively as alternative work environments are tracking to become a norm in a post-pandemic world, making it imperative that businesses focus on privacy and keeping data secure.
The next habit that is key to adopt is multi-factor authentication (MFA). It may sound complex, but this is a simple and effective security tool to improve cybersecurity hygiene.
How do you know that someone trying to access information on your businesses’ IT network is who they say they are? When working at a physical office, you visually recognize all your employees and would not think twice when someone goes to grab a document from the file cabinet. The same does not apply when employees are working remotely, especially as issues of digital identity theft increase in prevalence.
MFA requires that digital users provide at least two types of authentications to prove their identity and gain permission to access the data they desire. It acts as a safeguard against identity fraud and gives employees peace of mind knowing that they are securely accessing data without compromising any sensitive information.
Implementing MFA systems is an effective way to reduce security risks that might arise when working from insecure locations, like working from home or using public Wi-Fi, as it provides extra hoops for cybercriminals to jump through in order to gain access to secure information.
Equip employees with the tools they need to work securely and successfully from home
All of the above best practices begin with employees, but it is ultimately the business’ responsibility to educate and train them. According to the survey, only 51 percent of working Canadians say their experiences with workplace technology and connectivity since the transition to hybrid or remote work have been positive. Additionally, only 48 percent of working Canadians feel their organization adequately prepared employees with the security tools and processes needed to work remotely. In other words, only half of Canadians feel that the business they work for has given them the tools they need to work securely and successfully from home. Not only does this place unnecessary pressure on employees, but it affects the agility and security of the business as a whole.
Investing in employee cybersecurity education, protecting personal devices and improving day-to-day cybersecurity hygiene habits are all critical to minimizing vulnerabilities when operating a business within remote and hybrid work models. This is no longer a nice-to-have, but a must-have in today’s ever-evolving digital landscape. While this may seem like a daunting challenge, partnering with dedicated cybersecurity experts can help keep your employees’ and business’ IT network safe and secure.
To learn more about cybersecurity and how CDW can help, please visit: cdw.ca/security.