• July 30, 2021
  • Catagory Security

Hybrid workplace security must account for the human element

By : Sanjeev Spolia

The hybrid workplace may be the new normal, but the high number of data breaches due to the pandemic don’t have to be. The solution is recognizing that people can be the cause of security incidents but also play a part in preventing them.

The “human element” is involved in as much as 85 percent of all data breaches, according to Verizon’s 2021 Data Breach Investigations Report. That’s actually good news—it means there are cultural changes that can be made to influence employee behaviours that will improve hybrid workplace security.

People still fall prey to scams

There are several areas where security is vulnerable because of how people behave, often without any intent to put cybersecurity and data privacy at risk.

The first is around privilege abuse, according to the Verizon study, wherein users have access to IT systems, data and applications that over time leads to compromised credentials that allow threat actors to access sensitive information. In most cases, the privileged user isn’t intentionally looking to cause their organization harm and the data exposure is accidental. However, a disgruntled employee can cause a lot of damage.

In the meantime, employees still fall for phishing scams, and the number of instances where people fall for these socially engineered malicious messages rose significantly during the pandemic, according to Verizon’s analysis. Examples of these scams include payment/delivery scams, invoice phishing, tax-themed phishing, and downloads. Remote workers are more likely to fall for phishing scams, which makes their prevention especially critical for improving hybrid workplace security.

Many data breaches are accidental, but these accidents shouldn’t be confused with carelessness, which can include credentials that aren’t regularly updated or failure to use multifactor authentication. Cybersecurity technologies only go so far without having a standard of behaviour throughout the organization. Employees must be held accountable—effective hybrid workplace security depends on culture as much as technology.

Meet people where they are

The hybrid workplace solidifies the need for every employee to do their part to foster company-wide security rather than putting on the onus on a small group of IT experts to implement and manage cybersecurity technologies. This where the human element becomes part of the solution, not just the potential cause of data breaches.

While it’s critical that remote workers do their best to secure their home office environment, it can be overwhelming for them. Communication and training go a long way to helping them develop good security habits, as well as streamlining the process as much as possible. It’s also important to remember that in the hybrid workplace not all remote employees are the same. Some are experienced road warriors and power users who innately understand they need to secure their mobile endpoints, while other users have got a tad complacent over the years because they’re always online.

Employees who have traditionally worked in offices and felt comfortable leaving their workstation unsecured for a few minutes may not fully appreciate that hybrid workplace security requires a shift in behaviour. There are also always employees who value efficiency over all else, so if they perceive security measures as a barrier to productivity, they will always find shortcuts and workarounds.

Make people part of the solution

Hybrid workplace security needs tools and processes with a short learning curve for all employees to they can be easily adopted and understood as an enabler.

Balancing the human element and technology is critical to securing the hybrid workplace due to its inherent flexibility—employees are shifting constantly between their work and personal lives throughout the day, and that includes the devices they’re working on. Each device along with the software and operating systems they’re running now fall under the purview of corporate security.

From a technology perspective, it means technologies such as Identity and Access Management (IAM) tools are more essential than ever, as are robust security protocols and employee training. However, these must be seen as an enabler, not a roadblock to getting things done. The least technologically savvy employee must be able to blend their daily task with good security habits without a steep learning curve.  

Hybrid workplace security requires the creation of a security-first culture that puts people at its centre by enabling them to improve their workflow while doing their part keep the business secure.