Although the pandemic has waned somewhat, security organizations are still dealing with the new world of the distributed office. And, when it comes to cybersecurity, the main focus for organizations has been on IT security, which still proves difficult.
Companies are also failing to control, or in some cases, even think about at all, the behaviors of their employees – the ordinary people who work remotely from not just home, but also from myriad public spaces. That’s why operational security – a risk management process that offers guidance on how people should act – has never been more important to organizations.
With the pandemic, employees now spend much more time in public spaces doing work – and it’s not just in coffee shops, it’s in hotel lobbies, ride shares, and co-working spaces. Employees also take selfies, which gives away their locations – all on top of the fact that home offices are too often rife with other IT security issues. It’s truly a nightmare scenario for security staffs.
Unfortunately, many employees don’t realize that the content they so willingly display or share can end up in the hands of a cybercriminal, who will then sell or trade the information on the dark web. So, how can companies help curb the sharing of sensitive information? It starts with security training and education. Employees need to make sure they are diligent about the cyber practices that can help protect their organizations and, in many cases, themselves. It all starts with being a good digital citizen.
Here are the top seven ways employees can protect themselves and company data:
- Use a hotspot: Don’t get me wrong, public Wi-Fi is convenient, but it’s also not very secure. And don’t even get me started on connecting to non-password-protected Wi-Fi networks.
- Don’t leave any computer unattended: It’s so simple, but even leaving for 30 seconds to get a coffee refill could mean trouble. Lock the screen and if the computer has to be left for a long period of time, put it in a safe.
- Use a privacy screen: So many of us can easily look over someone’s shoulders at open PowerPoint presentations containing financial data, or sensitive emails about business deals. Blocking all this doesn’t take much, and it’s an inexpensive fix to keep out unwanted eyes.
- Listen to that inner voice: We may have all learned this in elementary school, but so many people project way too loudly on work calls, and in public spaces, which only means more people can hear us. Use only one earbud to consciously monitor the volume and also keep tabs on the overall surroundings.
- Keep data sharing to a minimum: Use as little information as required when having sensitive conversations. Code names are also helpful, ensuring no specific company or project names are revealed.
- Document security: Don’t screen share important documents or send them over business sharing and messaging tools. Make sure anything important gets encrypted before it’s shared.
- Go incognito: Use incognito browser tools that automatically wipe personal actions so that if someone does access a work computer, they can’t view any recent activity – from browser history, and cookies and site data. This goes for not only a laptop, but also any handheld mobile devices.
If employees can follow these simple rules, it will reduce the risk significantly of leaking company and personal data. Start with awareness and education so employees know the best practices to which they should adhere. Most companies are not having these operational security conversations with employees. Security teams must incorporate best practices like the ones I outlined and make it part of the standard training that’s hopefully already in place. Without this education, employees can and will continue to threaten the business. So, remember, on the next trip to airport or rideshare, keep the security protocols in mind as a way to minimize the risk.
Kurtis Minder, co-founder and CEO, GroupSense