Returning to work allows security teams to refocus on areas of their internal risk management program that may have been swept under the rug while working remotely. As employees meet for the first time in a long time, this is a good opportunity for companies to rebuild a stronger office safety culture between employees and security teams – one that comes from a place of business. positive intention.
Set the stage for success
Whether employees have been with the company for seven years or seven months, when they return to the office, they should be treated as if it is their first day at the company. All team members, regardless of their level of experience, should take a refresher course in security practices.
Your security team can do this by teaching or reminding staff how to properly manage and move data into its appropriate environment to minimize possible data exposure. This promotes sound safety practices and provides regular, personalized training for the entire team.
If your business is transitioning to a hybrid workforce approach, make sure your employees have the knowledge and / or equipment they need for dual offices to minimize data loss. For example, encourage the use of company hard drives to access data from both locations rather than transferring the data through USB drives.
Create a positive intent safety culture for your office
People need to move data to do their jobs, and it can be natural for security teams to respond negatively to data exfiltration alerts. However, Code42 research shows that most data leaks happen unintentionally. An example could be when a person accidentally exfiltrates data when they connect a personal drive to their work device, unintentionally syncing work files to their personal cloud. Instead of concluding that employees are stealing data, investigate to find out more.
Often times, they are just trying to do their job or collaborate with a colleague or partner. Use these moments as an opportunity to educate them on safer ways to share data, always starting the conversation with positive intention. For example, start with “We noticed this … have you seen it too” rather than starting the conversation accusingly. This will position them as security allies rather than security enemies, and it’s a better way to encourage them to work with your security team.
Find new ways to communicate about cybersecurity
Emphasize the importance of safety and why it is important for all employees when they return to the office. Your insider risk management program should start when employees do, so make safety conversations a part of company onboarding practices, even if you only talk about it for a few minutes. This will allow you to set the right tone, let employees know that your security team is not trying to play the role of “Big Brother” and show them that you need their help to protect the assets of the company. business.
To make safety messages as effective as possible, be sure to tailor them to employee needs and situations – know your audience and what information and delivery will resonate with them the most. Work hard to keep employees engaged by using repetitive, sticky messages. You can’t expect employees to know how to react to a real-life safety risk if you don’t make a concerted effort to include safety conversations at multiple points in their work experience.
Be transparent with your employees and encourage them to do the same
Build trust with your employees and encourage them to feel comfortable talking to your security team about their actions online. Remember, they’re just trying to get things done.
Transparency can go a long way. At Code42, we ask our employees to be as transparent as possible and they expect the same from our security team. For example, before employees leave the company, they often notify us if they move personal files like photographs from their work computer to a personal computer.
Ultimately, proactive behavior helps security teams because it shortens potential investigation times and allows the team to suggest more secure transfer methods, such as an encrypted drive.
There will be a flood of stressors upon returning to the office, but if a culture of positive intention is established and employees put their teachings to use, business leaders should be able to breathe a sigh of relief.
Training employees on internal risk management best practices and establishing a safety culture of positive intent will help everyone feel on the same team when it comes to protecting the organization.