Chief information security officers (CISOs) have always played unique roles within the organizations they work for. Throughout the past few decades, much of a CISO’s job role could be performed from the comfort of home via mobile devices and the internet. This has become even truer over the past year when COVID-19 pushed more people into the remote workforce.
With more remote employees than ever before, including CISOs, confined to online document sharing and video conference calls, there is a greater likelihood of data breaches. As a CISO, it’s crucial to put into place practices and policies that deter this greater likelihood by making organization networks more secure. Here’s how to do just that.
With more people working remotely, it only makes sense that businesses are giving remote access to their employees. From access to pertinent financial transaction data to confidential communications between employees and clients, this information often becomes the target of phishing attempts. When phishing attempts get carried out against people with high profile credentials, this is known as spear-phishing and it’s becoming more common. This is why CISOs should always train employees on phishing, including what it is, how it works, and how to avoid it. Make sure to explain that phishing has been around since the ’90s and currently, about 65% of organizations have had successful phishing attacks carried out against them with 96% of the attacks arriving via email.
Some of the best ways to provide training to workers are to:
CISOs should create a hierarchical work structure that enhances high collaboration and allows for simple and clear delegation of tasks. This minimizes team disruptions and helps to ensure all remote teams are well-constructed. When everyone understands their role within the remote work they’re performing, this increases the likelihood of following the correct business processes to complete tasks, which translates into a reduced risk of a cyber attack. Another way to build well-constructed teams calls for CISOs to follow protocols that ensure tight coordination among all remote workers. This improves synchronicity among workers, meaning tasks are more streamlined and efficient.
One of the most effective ways to stay secure while working remotely is to update passwords on a regular basis and to enforce a two-step authentication policy. Passwords become even safer when protected by a password manager, so CISOs should carefully consider which password management program they want to let workers use. It’s also smart to tell all workers to avoid using the “remember my password” feature when accessing data on public devices.
Providing company-owned devices is ideal for keeping remote access secure, but this isn’t feasible for all organizations (mostly due to budget constraints). When storing data on a non-company device, it’s best to patch the device for compliance and compatibility and to store data in the cloud as this helps reduce the likelihood of a data breach. It’s also smart to delete locally saved files on all public devices and shared computers used to perform remote access. Another way CISOs can make employee devices more secure is by having them use an anti-virus program to scan the devices’ storage drives as well as any portable storage devices it connects to. And most importantly, CISOs should ensure all business data and information shared on any employee’s device is shared through methods secured by encryption.
From avoiding spear-phishing targeted campaigns to performing patches like they’re going out of style, it’s the CISO’s responsibility to define and implement strategic information security practices. Starting with the tips mentioned in this article, CISOs can improve data security while working remotely.