October 22, 2019 By Michelle Greenlee

Technology enables employees to work from the office, from home, during their daily commute and pretty much everywhere in between. Companies, however, have little control over security between the home and the office. For example, employees may choose to work from unsecured Wi-Fi networks in public places or when working remotely, even though we all know that secure Wi-Fi is best.

Cybersecurity is much more than enabling antivirus software or deploying an email link scanning tool — it’s a series of choices. Some choices open systems up to security incidents, while others can help prevent a data breach. A recent report from Wandera found that users are accustomed to connecting to open Wi-Fi networks. Users tend to connect to questionable networks because they are easy to access without using mobile data, but employees who choose to connect to enterprise systems from unsecured networks could potentially compromise those systems. Companies can help curb this preference by educating employees about the benefits of secure Wi-Fi, regardless of work location.

Securing Wi-Fi at home is one part of encouraging employees to practice good cybersecurity. Most users access a range of devices and platforms throughout the course of their work. These systems could help foster a security mindset, provided they are easy to use. However, this isn’t always the case.

Improve the Enterprise Application User Experience

When they are difficult to use, enterprise applications can compound the issues around an employee’s attitude about security. Employees often dislike systems because they’re a chore to access, and they sometimes believe that extra steps merely waste time and do not help secure anything. Following appropriate security protocols can be difficult in such a poor security culture. Employees may miss or ignore the purpose of the protocol and find a way around it.

Enterprise application frustration can arise when a user experience designer isn’t involved in the development of enterprise applications. It happens when developers must make decisions around an application’s functionality that may not be optimal choices for the user.

Consider a mandatory password reset process, for example. This happens on a regular schedule and must be completed before a user can log in to get work done. In the past, I have had less-than-optimal experiences around password resets. Arbitrary requirements with each forced password change caused considerable frustration and were made worse when the system gave no context to the actions it required. The entire process typically took around 45 minutes to complete.

A possible solution would be to give users ample information about the password reset process and password requirements upfront. The same goes for multifactor authentication (MFA): MFA is not always used outside the office, so it’s important to outline the process and how it benefits the user. A user’s experience with your MFA system can ultimately determine how long they continue to use it (if it’s optional).

A system that works well can help users become more comfortable with a digital system. Understanding the purpose behind MFA and other common security controls should always be part of an overall security education strategy.

Be Proactive About Security Education

Educating employees about the current threat landscape and how it personally affects them can lead to better security habits. A proactive approach to personal network and device security is always important, as the threat of sophisticated, mobile-first phishing campaigns continues to wreak havoc on users who are duped by legitimate-looking alerts.

Preventing serious data loss is always worth the time employees spend in training. As organizations move through digital transformation efforts, the need for a proactive approach grows. This is especially important as the threat model changes. New and different cybersecurity threats evolve with technology and our workflows and invite new ways of interacting. Seamless interactions with mobile consumer technology, along with regular alerts, condition us to expect more from enterprise software and potentially notice less.

Make sure your security awareness and education program includes information about internet of things (IoT) devices. The plug-and-play nature of popular IoT devices threatens overall home security, and software updates for connected devices may end abruptly — and security updates with them.

Build a Culture That Values Good Cybersecurity

Education is valuable, but on its own it may not overcome a culture that doesn’t value good cybersecurity. According to Deloitte, organizational and departmentwide culture affects the way employees approach security in the workplace. If the company culture is to reuse or even share passwords, then password reuse and sharing can more easily propagate. Employers should cultivate a culture that values good cybersecurity practices and trains new members as they join the ranks.

Timely training on the changing landscape of cybercriminal behavior and how employees can protect the organization’s assets can go a long way. Employees may be more willing to adopt good cybersecurity practices once they understand how their actions can result in a serious data breach and the consequences that come with it.

Implementing a training program that gives employees of all technical levels an opportunity to build a decision framework around how they interact with messages and devices can be beneficial as attack methods evolve. Take phishing, for example, which is growing in sophistication to ensnare users wherever they communicate.

Case in point: Phishing has become the No. 1 threat to mobile security, according to Verizon. Mobile phone users tend to be responsive to text messages while also being distracted. A distracted user who gets a phishing text message may choose to click a link they wouldn’t otherwise consider. Distinguishing between legitimate and phishing messages is becoming more difficult as more sophisticated phishing campaigns surface across platforms.

I once had the opportunity to share early information about a potentially serious data breach with coworkers, and some felt they wouldn’t be affected even though the records acquired were in the millions. A lack of education about how digital systems work and how the information could be used led my coworkers to believe there wasn’t anything they needed to do. The truth is that there’s always something more to do to improve cybersecurity.

Improving Security at Home

Home wireless networks tend to be less secure than their enterprise counterparts. It’s important to learn how to secure a home network.

How to Secure a Home Network

  • Assign a secure login to access the router’s administrative dashboard. If your router allows, change the default username when you update the password. Choose a strong password and don’t reuse it for anything else. In a recent survey, Consumer Reports found only 38 percent of respondents had changed their router’s default password.

  • Know your router. Older routers will have outdated security options available and may not be able to protect network devices. Ensure you have WPA2 encryption enabled and that the much older WEP is disabled. It’s time to upgrade if you find you don’t even have WPA2 available as an encryption method.

  • Check for firmware updates for your router and update it if any are available. Router manufacturers issue security patches from time to time. Some routers have an option for automatic updates, and others may send timely emails alerting you of new firmware updates that are available. Getting these alerts requires registering the router with the manufacturer and signing up for them.

  • Turn off Wi-Fi router features you don’t use, such as Universal Plug and Play (UPnP). UPnP allows devices on the network to easily discover one another’s content. A quick scan of your network can show if UPnP access is enabled.

  • Assign a strong password for your network (SSID) and don’t use it for anything else. Leaving a home Wi-Fi network open is risky because sensitive personal or corporate information could be intercepted.

Update Computers and Devices That Connect to Your Home Wi-Fi

A more secure Wi-Fi network could still be vulnerable if attached devices are running outdated or unpatched software. Applying security patches and updating operating systems is an important part of keeping the network in good shape.

Even so, support for these systems doesn’t last forever. For example, Microsoft will stop supporting and issuing security patches for Windows 7 in January 2020. Apple publishes a complete list of models that have reached end-of-life. Google announced the end of support for Android 4 in 2018.

Update regularly and pay attention to end-of-support announcements for equipment you own. Disconnect devices that no longer receive software updates.

Encourage Better Work-From-Home Security

Personal habits around cybersecurity can bleed into enterprise system usage. Give employees the tools and information they need to secure personal networks and devices so they don’t become a vulnerability to your network. Build a culture of security so good cybersecurity practices become habit.
