Technology enables employees to work from the office, from home, during their daily commute and pretty much everywhere in between. Companies, however, have little control over security between the home and the office. For example, employees may choose to work from unsecured Wi-Fi networks in public places or when working remotely, even though we all know that secure Wi-Fi is best.
Cybersecurity is much more than enabling antivirus software or deploying an email link scanning tool — it’s a series of choices. Some choices open systems up to security incidents, while others can help prevent a data breach. A recent report from Wandera found that users are accustomed to connecting to open Wi-Fi networks. Users tend to connect to questionable networks because they are easy to access without using mobile data, but employees who choose to connect to enterprise systems from unsecured networks could potentially compromise those systems. Companies can help curb this preference by educating employees about the benefits of secure Wi-Fi, regardless of work location.
Securing Wi-Fi at home is one part of encouraging employees to practice good cybersecurity. Most users access a range of devices and platforms throughout the course of their work. These systems could help foster a security mindset, provided they are easy to use. However, this isn’t always the case.
Improve the Enterprise Application User Experience
When they are difficult to use, enterprise applications can compound the issues around an employee’s attitude about security. Employees often dislike systems because they’re a chore to access, and they sometimes believe that extra steps merely waste time and do not help secure anything. Following appropriate security protocols can be difficult in such a poor security culture. Employees may miss or ignore the purpose of the protocol and find a way around it.
Enterprise application frustration can arise when a user experience designer isn’t involved in the development of enterprise applications. It happens when developers must make decisions around an application’s functionality that may not be optimal choices for the user.
Consider a mandatory password reset process, for example. This happens on a regular schedule and must be completed before a user can log in to get work done. In the past, I have had less-than-optimal experiences around password resets. Arbitrary requirements with each forced password change caused considerable frustration and were made worse when the system gave no context to the actions it required. The entire process typically took around 45 minutes to complete.
A possible solution would be to give users ample information about the password reset process and password requirements upfront. The same goes for multifactor authentication (MFA): MFA is not always used outside the office, so it’s important to outline the process and how it benefits the user. A user’s experience with your MFA system can ultimately determine how long they continue to use it (if it’s optional).
A system that works well can help users become more comfortable with a digital system. Understanding the purpose behind MFA and other common security controls should always be part of an overall security education strategy.
Be Proactive About Security Education
Educating employees about the current threat landscape and how it personally affects them can lead to better security habits. A proactive approach to personal network and device security is always important, as the threat of sophisticated, mobile-first phishing campaigns continues to wreak havoc on users who are duped by legitimate-looking alerts.
Preventing serious data loss is always worth the time employees spend in training. As organizations move through digital transformation efforts, the need for a proactive approach grows. This is especially important as the threat model changes. New and different cybersecurity threats evolve with technology and our workflows and invite new ways of interacting. Seamless interactions with mobile consumer technology, along with regular alerts, condition us to expect more from enterprise software and potentially notice less.
Make sure your security awareness and education program includes information about internet of things (IoT) devices. The plug-and-play nature of popular IoT devices threatens overall home security, and software updates for connected devices may end abruptly — and security updates with them.
Build a Culture That Values Good Cybersecurity
Education is valuable, but it may not overcome a culture that doesn’t value good cybersecurity on its own. According to Deloitte, organizational and departmentwide culture affects the way employees approach security in the workplace. If the company culture is to reuse or even share passwords, then password reuse and sharing can more easily propagate. Employers should cultivate a culture that values good cybersecurity practices and trains new members as they join the ranks.
Timely training on the changing landscape of cybercriminal behavior and how employees can protect the organization’s assets can go a long way. Employees may be more willing to adopt good cybersecurity practices once they understand how their actions can result in a serious data breach and the consequences that come with it.
Implementing a training program that gives employees of all technical levels an opportunity to build a decision framework around how they interact with messages and devices can be beneficial as attack methods evolve. Take phishing, for example, which is growing in sophistication to ensnare users wherever they communicate.
Case in point: Phishing has become the No. 1 threat to mobile security, according to Verizon. Mobile phone users tend to be responsive to text messages while also being distracted. A distracted user who gets a phishing text message may choose to click a link they wouldn’t otherwise consider. Distinguishing between legitimate and phishing messages is becoming more difficult as more sophisticated phishing campaigns surface across platforms.
I once had the opportunity to share early information about a potentially serious data breach with coworkers, and some felt they wouldn’t be affected even though the records acquired were in the millions. A lack of education about how digital systems work and how the information could be used led my coworkers to believe there wasn’t anything they needed to do. The truth is that there’s always something more to do to improve cybersecurity.
Improving Security at Home
Home wireless networks tend to be less secure than their enterprise counterparts. It’s important to learn how to secure a home network.
How to Secure a Home Network
Assign a secure login to access the router’s administrative dashboard. If your router allows, change the default username when you update the password. Choose a strong password and don’t reuse it for anything else. In a recent survey, Consumer Reports found only 38 percent of respondents had changed their router’s default password.
Know your router. Older routers will have outdated security options available and may not be able to protect network devices. Ensure you have WPA2 encryption enabled and that the much older WEP is disabled. It’s time to upgrade if you find you don’t even have WPA2 available as an encryption method.
Check for firmware updates for your router and update it if any are available. Router manufacturers issue security patches from time to time. Some routers have an option for automatic updates, and others may send timely emails alerting you of new firmware updates that are available. Getting these alerts requires registering the router with the manufacturer and signing up for email notifications.
Turn off Wi-Fi router features you don’t use, such as Universal Plug and Play (UPnP). UPnP allows devices on the network to easily discover one another’s content. A quick scan of your network can show if UPnP access is enabled.
Assign a strong password for your network (SSID) and don’t use it for anything else. Leaving a home Wi-Fi network open is risky because sensitive personal or corporate information could be intercepted.
Update Computers and Devices That Connect to Your Home Wi-Fi
A more secure Wi-Fi network could still be vulnerable if attached devices are running outdated or unpatched software. Applying security patches and updating operating systems is an important part of keeping the network in good shape.
Even so, support for these systems doesn’t last forever. For example, Microsoft will stop supporting and issuing security patches for Windows 7 in January 2020. Apple publishes a complete list of models that have reached end-of-life. Google announced the end of support for Android 4 in 2018.
Update regularly and pay attention to end-of-support announcements for equipment you own. Disconnect devices that no longer receive software updates.
Encourage Better Work-From-Home Security
Personal habits around cybersecurity can bleed into enterprise system usage. Give employees the tools and information they need to secure personal networks and devices so they don’t become a vulnerability to your network. Build a culture of security so good cybersecurity practices become habit.