Cybersecurity Awareness Month feels different this year because so much has changed in terms of how we work and, in turn, how we should think about cybersecurity. In a very short time, many of us have had to adapt to multiple aspects of our lives – from work to education and healthcare – being remote. In the same time period, companies, schools, healthcare providers and many others have had to scramble to find ways to set up cybersecurity strategies to protect everyone remotely. This Cybersecurity Awareness Month, we’re taking a look back at the last seven months and considering the question: how has this new normal changed how we need to think about building robust cybersecurity strategies? Here are three takeaways.
First, people will always choose convenience over security. So, when it comes to building a strong cybersecurity strategy, we need to consider convenience non-negotiable. That means making sure that secure tools are intuitive, easy to install, easy-to-use and that everyone knows about the tool. The first few months of the pandemic made it clear that people will always opt for the most convenient tool – even at the cost of security. When we first switched to remote work, there was a scramble to stay connected and everyone opted for the easiest, most well-known tool to keep communicating, which was Zoom. Even after it was revealed that Zoom had a lot of very serious security vulnerabilities, people continued to use the tool. Given a choice, people always gravitate towards the easy-to-use tool over a similar tool that is slightly less intuitive, but more secure. This means that when we approach cybersecurity, we need to make sure the secure option is also the most convenient.
Second, your employees aren’t the weakest link, your systems are. It’s time to change our mindset from blaming employees to one that emphasizes using tools with privacy by design. We’ve been told time and time again that employees are the biggest threat to security and need to be trained. But in the current situation, with people struggling with fatigue, work-life balance and hackers all too eager to take advantage of the confusion accompanying remote work, training is simply not the right approach. Instead, we need to make sure that privacy and security are baked into the tools in a way that employees can’t fail, so that employees have one less thing to worry about.
Third, we need to be creative in the ways that we make sure people feel comfortable sharing information, so that if there is a breach it’s easy to keep communications flowing. Without an open cybersecurity culture, people might not be likely to share when they’ve experienced a security breach. It can be hard to foster openness in a remote workforce – the things that help us understand nuance and get to know each other in an office workspace, like idiosyncrasies or tone of voices, are no longer there. That means finding new ways for people to easily communicate, collaborate, share successes and challenges without feeling like they’re being monitored. Tools that don’t collect PII on employees and make it simple for them to share information can help ensure that if a breach occurs they feel comfortable quickly and openly sharing information.
The bottom line? This Cybersecurity Awareness Month, COVID has shown us that when it comes to cybersecurity we need to set up environments where people can’t fail. That means opting for tools that make life convenient but that also have cybersecurity built in. At Vaporstream, we recognize that, which is why we’ve designed a platform that makes remote communications intuitive and secure. Find out just what makes us so secure here.