Much about leaving the pandemic behind remains unclear, but new certainties are taking hold in workplaces. With survey data showing that as many as 82% of business leaders are embracing the new norm of hybrid “office-home” work arrangements, cybersecurity experts urge adjustments—starting with mindset.
Accepting Reality, Shifting Mindsets
Security Magazine points out that convenience is now a permanent cyber-risk for businesses. To enable remote working, companies have relied heavily on technology solutions, including cloud applications and remote connectivity tools, like VPN. However, cyber-attacks on cloud services have grown by more than 600% as hackers exploit vulnerabilities. While tech controls are clearly part of the security solution, experts stress that they are only successful when they go hand in hand with support to help employees adjust their behaviors. As Security Magazine explains:
Workers are prone to social engineering scams like phishing and vishing. One wrong move can instantly result in a breach, causing significant financial damages and irreversible loss of reputation. Cybercriminals have a deep understanding of human psychology and stress-related pandemic issues. In 2020 alone, Google registered a record two million phishing websites whereas ransomware attacks increased by seven-fold. Similar to the hybrid office, managing cyber-risks too needs a hybrid approach — one that is a mix of technical controls and user behavior training that is secure by design. Here are…foundational elements:
Address the softer side of cyber: It’s important that businesses understand and apply psychological theory to influence behavior of its employees so that they follow cyber hygiene best practices and avoid putting the business at risk. There are two key areas where this improvement should be focused:
- Transformative Security Education, Training and Awareness: Ongoing security awareness training and live simulation exercises that develop muscle memory or instinctive behavior for employees to recognize, foil and report social engineering attempts.
- Secure behavior by design: Developing security tools and techniques that have cybersecurity built-in, not bolted on. For example: incorporating visual guidance or inconspicuous cues and nudges to gently guide individuals in making sound security decisions.
Don’t Forget: Cybersecurity Response Plan?
Having a cyber-breach response plan is critical too—within six months of a cyber-breach, 60% of small businesses end up closing! To help, Colonial Surety provides unique and affordable Cyber Liability protection, which includes breach response services coordinated by forensic and legal experts. With Colonial’s coverage, upon a breach at your business, experts will identify what’s been compromised and coordinate the response. As needed, call-center support, credit and identity monitoring services and even public relations expertise are provided. Liability protection in the event of covered lawsuits or regulatory actions due to a data breach? Of course, that’s included too. Learn More and Obtain Cyber Liability Protection Here.
Colonial Surety Company is rated “A Excellent” by A.M. Best Company, U.S. Treasury listed and in business all across the country. Serving customers since 1930, we are the trusted source for the pension industry to secure legally required ERISA bonds, fiduciary liability insurance and cyber-liability insurance. We help safeguard plan sponsors, pension professionals and financial advisors – and keep their businesses compliant – with pain-free, efficient, and friendly service every time.