Zack Schuler is the CEO/Founder of NINJIO, a security awareness company empowering organizations to become defenders against cyberthreats.
Getty
It’s easy to focus on all the ways 2020 has been a challenging year: the Covid-19 pandemic, a sputtering economy, and (for cybersecurity professionals) an explosion of new and increasingly dangerous cyberthreats. However, we shouldn’t ignore all the ways the changes we’ve witnessed in 2020 — such as the shift to remote work — have actually driven long-overdue reconsiderations of our approaches to communication, collaboration and cybersecurity.
Covid-19 has been a daily reality for most of 2020, and forward-looking companies should be thinking seriously about not just how they will navigate the rest of the pandemic, but how they will approach the post-Covid-19 era. With remote work remaining the norm into next year and beyond, companies will have to determine how they can maintain productivity and security with many of their employees outside the office.
While this is a challenge, it’s also an opportunity to move beyond the rigid 9-to-5, physically oriented dynamic that has characterized (and constrained) office life for decades. But to do this, companies will have to defend themselves against a new wave of cyberthreats. With that in mind, here are the top five ways companies can level up their cybersecurity in 2021:
1. Shift from a work-from-home to a work-from-anywhere mindset. The term “work from home” has become ubiquitous over the past eight months, but it will likely be less relevant in 2021. This is because a majority of companies report that they will be moving at least some employees to remote work on a permanent basis — even as the pressure to remain sequestered in our homes decreases.
These employees won’t always remain at home — they’ll start working from coffee shops, libraries, shared workspaces and so on. This means companies should emphasize the importance of tools such as VPNs, secure mobile hot spots and security software. They should also prioritize cybersecurity training, which teaches employees to avoid sharing sensitive information over public Wi-Fi, reminds them to keep all devices updated and reinforces the necessity of physical security.
2. Address all potential vulnerabilities. Even before Covid-19, the number of potential attack vectors for hackers to exploit was rapidly rising. For example, the Internet of Things (IoT) has expanded dramatically in recent years. A recent Cisco report found that the total number of connected devices will increase from 18.4 billion in 2018 to 29.3 billion by 2023.
According to a 2019 Deloitte survey, the average American household has 11 connected devices (including seven different screens), while 28% of Americans are using smart home devices, such as connected thermostats, appliances and so on. One of the risks associated with these devices is that they often have more rudimentary security software than laptops or smartphones, making them more vulnerable to infiltration. When this happens, hackers can access a victim’s entire home network and target other devices, such as a work computer.
3. Make responsible communication a top priority. As we enter a new era of remote work, cloud-based communication and collaboration tools will become more and more important. While these tools can be used safely, they present a wide range of security concerns that companies need to address upfront.
Beyond keeping all apps and other software updated, using multifactor authentication and practicing consistent cybersecurity hygiene (the use of strong passwords, for instance), employees need to make sure that their day-to-day use of cloud-based resources is as responsible as possible. This means ensuring that they know exactly who they’re communicating with, only sharing sensitive information via digital channels when absolutely necessary and making sure every employee understands the security protocols associated with each platform.
4. Ensure employees are informed about emerging cyberthreats. According to the FBI’s 2019 report, email account compromise and business email compromise made up over $1.7 billion of 2019's losses — far more than any other cyberattack. Despite these startling facts, a recent Tessian survey found that unauthorized emails are sent 38 times more frequently than IT leaders think.
At a time when Covid-related cyberscams are surging, companies should make sure employees are educated about the tactics scammers are using and the attack vectors they’re exploiting. For example, employees should be wary of emails and other digital communications that urge them to download or follow links to material about the pandemic (which could contain malware).
5. Change the narrative about cybersecurity at your company. Cybersecurity will only become more integral to companies’ day-to-day operations as they shift toward remote work and increasingly rely on digital productivity and communication tools. This provides an opportunity to bolster cybersecurity training and educate employees so they can protect themselves and, by extension, their employees.
Cybersecurity isn’t just critical to defending companies against attacks that can cost millions of dollars and lead to permanent breaches of trust with customers. It’s also a way for employees to keep themselves and their families safe in an increasingly digitized world — especially as our personal and professional lives blend together amid the rise of remote work.
When companies level up their cybersecurity in these ways and emphasize this narrative, they will bring employees together around one of the most vital goals any organization should have in 2021: strengthening its defenses against the increasingly sophisticated and destructive cyberthreats out there.
Forbes Technology Council is an invitation-only community for world-class CIOs, CTOs and technology executives. Do I qualify?
