Employees are the first line of defence: How to increase your business’ cybersecurity with hybrid work models

CDW Canada Head of Cybersecurity and Solutions Development Theo van Wyk in The Canadian Business Quarterly

It should come as no surprise to any employee, manager or business owner that remote and hybrid work models are here to stay. While the future state of the global pandemic remains uncertain, many businesses have proven that they are resilient and can operate efficiently while employees are not physically working in the same space. With this innovation, though, comes one pervasive and unignorable challenge: cybersecurity. As a business owner, you may have had secure and trustworthy cybersecurity solutions already integrated into your office IT network. But with employees working remotely and using personal devices, a more robust cybersecurity plan must be implemented to match the shape of your office’s unique working model. This doesn’t just mean investing in new technology, it also means educating your employees on best practices when working from home.

So, what can you do to increase your employees’ cybersecurity know-how in the new working landscape? CDW Canada’s team of dedicated experts are here to help businesses ramp up their cybersecurity tools and have shared some key observances as businesses continue to transition to new working models.

The threat landscape in cybersecurity and the vulnerabilities that businesses face

Before we get into the nitty gritty, it is important to get an overview of Canadians’ current understanding of cybersecurity and what businesses are doing to address contemporary cybersecurity concerns. CDW recently commissioned a survey in partnership with Angus Reid to analyze the sentiment of IT security in regard to the impacts of the global pandemic on business and the future of work. The findings offered valuable insight into the threat landscape in cybersecurity and the vulnerabilities that businesses face in today’s increasingly digital world. This is especially important as we continually develop what the future hybrid workplace may look like in Canada.

The survey found that Canadians are experiencing a wide range of cybersecurity concerns with 67 percent of working Canadians citing data leakage, identity theft and/or hackers, 66 percent citing malware and 58 percent citing phishing scams as their top concerns across devices. Despite the awareness of cyberthreats and a general understanding of cybersecurity, many working Canadians still do not take device protection seriously. This is a major issue for businesses with remote and hybrid work models as it costs both time and money to resolve individual cybersecurity issues that fall outside of the physical office’s IT network. Perhaps more concerning is the possibility of a business’ confidential and proprietary information being compromised.

It is vital that organizations address cybersecurity concerns and identify potential threats proactively rather than reactively to avoid costly consequences. Ongoing cybersecurity education, protecting personal devices and improving day-to-day cybersecurity hygiene habits are essential to minimizing vulnerabilities when overseeing hybrid and remote work models. How, then, should a business be proactive? It all begins with the employees.

CDW Canada Head of Cybersecurity and Solutions Development Theo van Wyk in The Canadian Business Quarterly
Investing in employee cybersecurity education, protecting personal devices and improving day-to-day cybersecurity hygiene habits are all critical to minimizing vulnerabilities when operating a business within remote and hybrid work models

Invest in employee’s cybersecurity education to instill best practices

Businesses’ first line of defence are their employees and it is essential that they understand how to best protect themselves. Investing in employee education to instill best practices has become imperative with the rise of remote and hybrid work environments. Despite the increase in cyberattacks over the course of the pandemic, only 51 percent of working Canadians indicated their organization had prepared employees with security education prior to the remote transition. It is no surprise, then, that only 53 percent of working Canadians believe there is a positive correlation between their organization’s cybersecurity posture and their ability to effectively do their jobs. These numbers are concerningly low, especially as cyberattacks increase in scope and sophistication. Cybersecurity education for employees must consequently be treated as an essential aspect of employee training both during and long after the pandemic.

An often overlooked, but ubiquitous area to introduce employees to basic cybersecurity measures is personal devices. Naturally, when working from home, people integrate their personal devices into their work. The convenience of cross-platform integration between smart phones, tablets and computers can often overshadow the vulnerabilities of these personal setups.

CDW’s latest data shows that regular review of cybersecurity and privacy settings on personal devices remains a challenge for working Canadians. Concerningly, a mere 41 percent of Canadians review their cybersecurity and privacy settings on their personal devices once per year or less, with 15 percent only doing so upon setting up a new device and five percent having never reviewed this. For the 26 percent of Canadians who rarely or never review their cybersecurity or privacy settings, their cited reasoning is not having thought about it and not knowing how. This indicates that there is a tremendous lack of education surrounding basic privacy settings and their implications on personal devices. It is vital that employees are aware of the significant risks that come with not reviewing cybersecurity and privacy settings on personal devices, and that this can have a negative impact on their workplace’s security posture as a result. Considering the pervasive use of personal devices in employees’ professional and personal lives, education in best practices for personal devices is a necessary foundation on which to build upon more comprehensive cybersecurity hygiene.

Emphasize day-to-day cybersecurity hygiene and adopt multi-factor authentication

From there, placing an emphasis on day-to-day cybersecurity hygiene is a natural next step for employees to gear up their cybersecurity. Day-to-day cybersecurity hygiene is all about routine and process, just like physical hygiene. This process trains people to think proactively about their cybersecurity posture in order to mitigate any potential risks or security issues. This includes integrating the process of using unique passwords and passphrases, frequently changing those passwords and passphrases, and having separate sets of login information for applications, devices and networks. 

The survey results also show that while the majority of Canadians use unique passwords or passphrases for their devices – 77 percent for phones, 78 percent for computers and 75 percent for networks – only 65 percent say the same of smart devices. This leaves nearly one quarter of working Canadians at risk. This links back to properly managing privacy settings on employees’ personal devices. Using and refreshing unique passcodes and passphrases is the next layer of best practices. This is particularly important as the survey results indicate that 10 percent fewer Canadians are using unique passcodes and passphrases to protect their phones, computers, networks and smart devices than they were in October 2020. These numbers are quite concerning and need to be addressed proactively as alternative work environments are tracking to become a norm in a post-pandemic world, making it imperative that businesses focus on privacy and keeping data secure.

The next habit that is key to adopt is multi-factor authentication (MFA). It may sound complex, but this is a simple and effective security tool to improve cybersecurity hygiene.

CDW Canada Head of Cybersecurity and Solutions Development Theo van Wyk in The Canadian Business Quarterly
CDW Canada’s team of dedicated experts are here to help businesses ramp up their cybersecurity tools and have shared some key observances as businesses continue to transition to new working models

How do you know that someone trying to access information on your businesses’ IT network is who they say they are? When working at a physical office, you visually recognize all your employees and would not think twice when someone goes to grab a document from the file cabinet. The same does not apply when employees are working remotely, especially as issues of digital identity theft increase in prevalence.

MFA requires that digital users provide at least two types of authentications to prove their identity and gain permission to access the data they desire. It acts as a safeguard against identity fraud and gives employees peace of mind knowing that they are securely accessing data without compromising any sensitive information.

CDW Canada Head of Cybersecurity and Solutions Development Theo van Wyk in The Canadian Business Quarterly
CDW’s latest data shows that regular review of cybersecurity and privacy settings on personal devices remains a challenge for working Canadians

Implementing MFA systems is an effective way to reduce security risks that might arise when working from insecure locations, like working from home or using public Wi-Fi, as it provides extra hoops for cybercriminals to jump through in order to gain access to secure information.

Equip employees with the tools they need to work securely and successfully from home

All of the above best practices begin with employees, but it is ultimately the business’ responsibility to educate and train them. According to the survey, only 51 percent of working Canadians say their experiences with workplace technology and connectivity since the transition to hybrid or remote work have been positive. Additionally, only 48 percent of working Canadians feel their organization adequately prepared employees with the security tools and processes needed to work remotely. In other words, only half of Canadians feel that the business they work for has given them the tools they need to work securely and successfully from home. Not only does this place unnecessary pressure on employees, but it affects the agility and security of the business as a whole.

Investing in employee cybersecurity education, protecting personal devices and improving day-to-day cybersecurity hygiene habits are all critical to minimizing vulnerabilities when operating a business within remote and hybrid work models. This is no longer a nice-to-have, but a must-have in today’s ever-evolving digital landscape. While this may seem like a daunting challenge, partnering with dedicated cybersecurity experts can help keep your employees’ and business’ IT network safe and secure.

To learn more about cybersecurity and how CDW can help, please visit: cdw.ca/security.

Subscribe

The Canadian Business Quarterly (The CBQ) provides an in-depth view of business and economic development issues taking place across the country. Featuring interviews with top executives, government policy makers and prominent industry bodies The CBQ examines the news beyond the headlines to uncover the drivers of local, provincial, and national affairs.

All copy appearing in The Canadian Business Quarterly is copyrighted. Reproduction in whole or part is not permitted without written permission. Any financial advice published in The Canadian Business Quarterly or on www.thecbq.ca has been prepared without taking in to account the objectives, financial situation or needs of any reader. Neither The Canadian Business Quarterly nor the publisher nor any of its employees hold any responsibility for any losses and or injury incurred (if any) by acting on information provided in this magazine or website. All opinions expressed are held solely by the contributors and are not endorsed by The Canadian Business Quarterly or www.thecbq.ca.

All reasonable care is taken to ensure truth and accuracy, but neither the editor nor the publisher can be held responsible for errors or omissions in articles, advertising, photographs or illustrations. Unsolicited manuscripts are welcome but cannot be returned without a stamped, self-addressed envelope. The publisher is not responsible for material submitted for consideration. The CBQ is published by Romulus Rising Pty Ltd, ABN: 77 601 723 111.

Subscribe

© 2023 The Canadian Business Quarterly. All rights reserved. A division of Romulus Rising Pty Ltd, an Australian media company (www.RomulusRising.com).