As California and the majority of the US slowly reopen, employees are slowly making their return to the office. This could potentially be a great time to consider revamping important areas within your organization such as security culture and other changes to policy you’ve been putting off.
If your organization was among the companies that started implementing a work-from-home task force since the beginning of the pandemic, then your employees have been “out of the office loop” for quite some time. While you consider the changes to the inner workings of your business, it’s also important you consider the psychological effects of your employees beginning to readapt to working from the office.
Start Fresh
The first thing you might want to do is to treat all of your employees as if it were their first day at work. It doesn’t matter if they are seasoned veterans who have been at your company for 10 plus years. It doesn’t matter if they were hired right before the pandemic began. Even if they were hired two weeks ago, this is a great opportunity for everyone to brush up on cybersecurity best practices.
This is the perfect opportunity for your cybersecurity team to put together a presentation to refresh your team on the risks your organization faces on a daily basis and how to minimize exposures to data and other sensitive company assets.
Getting your team together for the first time in a while is also a great opportunity to discuss any issues any of your team members may have experienced while they were working from home. If your organization has decided to implement a hybrid workplace model, this reunion can be the perfect opportunity to train your staff on equipment or software that needs to be implemented.
Don’t forget to cover important security information regarding using newer technologies such as Microsoft Teams and Google Cloud.
Promote Safe Practices
Workers returning to the office might need refreshers on the importance of cybersecurity safety. Especially when it comes to data. When companies rushed to keep afloat at the beginning of the pandemic in 2020, most just handed a work laptop to their employees. Most of the time, this is fine and will work out since most responsible adults will use their work laptops for work. This “ensures” that data will stay in one place, the laptop and/or the work cloud.
Most companies will migrate towards a hybrid workplace when employees return to the office, however, and it’s important to remind workers how easy it is to “drop the ball”. How easy it is to accidentally sync work data and spreadsheets to their personal cloud accounts and vice versa.
When confronting any team member about an incident of this nature, it’s important to remember that 99% of the time it was a careless mistake. It’s important to be addressed, for sure, but it’s a lot more reassuring to your team members that you do it in a way that they feel as a cybersecurity ally and not a threat.
Cybersecurity Communication Channels
Every team member needs to know about the importance of cybersecurity when returning to the office. It’s very common that employees feel like “big brother” is watching when it comes to security teams “spying” on them. Allowing two way communication between your security team and staff can help.
Instead, make sure every team member is aware of the real risks that are out there and what your organization is doing to prevent your data and assets from leaking. The more you communicate with not just your security team but everyone in your workforce, the more everyone can be aware of what to do to minimize risks.
The more transparent you encourage your security team to be, the more your team members will cooperate with your security team. There is often a lot of tension between them and a lot of organizations make the mistake of making the security team “the gatekeepers” of the internet in your organization.
This approach can lead to unnecessary tension between your security team and your workers. Instead, cultivate an environment where the people keeping your organization safe from cyber attacks are more of “trainers” and “champions of knowledge.”
Maybe one of your employees finds it easy to plug in their phone to a workplace computer to transfer some photos off the company pc to their phone. The employee can see this as harmless. Your security team, however, can see this is a big threat, as they should. Instead of allowing your security team to scold this employee, why not take this opportunity to train this employee with better practices?
The more you promote training culture, the more transparency you will see among your teams and might even see a team member approach your security team to ask before plugging in a thumb drive to download sensitive documents to work from home.
The ultimate goal is to get everyone rowing at the same time and in the same direction. Promoting positive security training and promoting best practices will start getting you there. Once your cybersecurity team and remote workers who are returning to the office feel like they are on the same team, it will be nothing but smooth sailing.