Over the last 18 months, organizations have become accustomed to employees working remotely, and as COVID-19 case counts rose in Canada, so too did the number of organizations asking their employees to work from home. This has resulted in the need to quickly introduce new approaches, tools and technologies to ensure employees have the appropriate resources they need to get work done while protecting their privacy and data.
Another trend we continue to witness as the pandemic continues is a spike in cybersecurity risks, with cyberthreats increasing at a rapid pace. We recently commissioned a survey in partnership with Angus Reid to analyze the sentiment of IT security in respect to the pandemic and the future of work. The survey found that Canadians are experiencing a range of cyberconcerns, with 67 percent of working Canadians citing data leakage, identity theft and/or hackers, 66 percent citing malware and 58 percent citing phishing scams as their top cyberconcerns across devices. However, despite these concerns, some working Canadians still do not take device protection seriously.
When it comes to cyber risks and vulnerabilities, it is vital that organizations address these concerns proactively rather than reactively to avoid costly consequences. Ongoing cybersecurity education, protecting personal devices and improving day-to-day cybersecurity hygiene habits are essential to minimizing cybervulnerabilities when working from home.
Investing in employee cybersecurity education
Employees are an organization’s first line of defence against cybercriminals. That’s why investing in employee education to instill best cyberpractices has become increasingly important with the rise of remote and hybrid work environments. While this has become apparent over the course of the pandemic, only 51 percent of working Canadians indicated their organization had prepared employees with security education prior to the remote transition. It is no surprise, then, that only 53 percent of working Canadians believe there is a positive correlation between their organization’s cybersecurity posture and their ability to effectively do their jobs.
These numbers are concerningly low, especially as cybersecurity risks continue to rise at a rapid pace, which indicates that cybersecurity education continues to be of utmost importance as we enter the hybrid workforce stage of the pandemic.
In order to address this issue and subsequently mitigate cybersecurity risks, it is critical for organizations to make cybersecurity awareness and education a priority for all employees. Regularly providing employees with clear instruction, training and expectations on cybersecurity protocols will reduce security risks and will ensure all employees are equipped with awareness, tools and resources to prevent potential breaches from occurring.
Protecting personal devices
Our data shows that a regular review of cybersecurity and privacy settings on personal devices remains a challenge for working Canadians. Concerningly, a mere 41 percent of Canadians review their cybersecurity and privacy settings on their personal devices at least once per year, with 15 percent only doing so upon setting up a new device and 5 percent having never reviewed this. For the 26 percent of Canadians who rarely or never review their cybersecurity or privacy settings, their cited reason is not having thought about it and not knowing how.
This demonstrates that while cybersecurity seems to resonate with employees, there is more work to be done regarding what this means for privacy settings on personal devices. It is vital that employees are aware of the significant risks that come with not reviewing cybersecurity and privacy setting on personal devices, and that this can have a negative impact on their workplace’s security posture as a result.
With the rise of remote and hybrid work environments, an increasing number of working Canadians are using personal devices and networks to get work done, whether it be personal phones or Wi-Fi networks. This increases the cybersecurity risks that organizations face as cybercriminals have even more devices and networks they can gain access to. In order to minimize cybervulnerabilities when working from home, each member of your organization needs to be aware that strong personal device and network security can be just as important as strong work device and network security.
Improving day-to-day cybersecurity hygiene habits
Day-to-day cybersecurity hygiene is all about training yourself to think proactively about your cybersecurity posture in order to mitigate cyber risks and security issues. This includes placing more importance on using unique passwords and passphrases, frequently changing those passwords and passphrases and having separate sets of login information for applications, devices and networks.
While the majority of Canadians do use unique passwords or passphrases for their phones (77 percent), computers (78 percent) and networks (74 percent), only 65 percent say the same of smart devices. And this still leaves nearly one quarter of working Canadians at risk. Interestingly, 10 percent fewer Canadians are using unique passcodes and passphrases to protect their phones, computers, networks and smart devices compared to in October 2020. This is extremely worrying as alternative work environments are tracking to become the norm in a post-pandemic world, making it increasingly important that Canadians improve day-to-day cybersecurity hygiene habits in order to keep their privacy and data secure.
Why you should consider multifactor authentication
Today, the rise in a cloud-connected mobile and remote workforce has put the visibility and control of users and devices outside of the enterprise. The extended workforce security must be able to establish user trust, no matter where the user is and no matter what kind of network they’re connecting from. Cisco Duo provides the foundation for a zero-trust security model by providing user and device trust before granting access to applications – ensuring secure access to any user and device connecting to any application from anywhere. Learn more about Cisco security solutions.
Multifactor authentication (MFA) is an excellent security tool to improve your cybersecurity hygiene habits. MFA requires that digital users provide at least two credentials or prove their identity and permission to access the data they are attempting to access. Implementing MFA systems is an effective way to reduce security risks that might arise when working from insecure locations, like working from home, as it provides extra hoops for cybercriminals to jump through in order to gain access to secure information. Duo’s intuitive MFA makes enrollment and secure logins easy for users, reducing friction to their workflow.
Investing in employee cybersecurity education, protecting personal devices and improving day-to-day cybersecurity hygiene habits are all critical to minimizing cybervulnerabilities when working from home or in a hybrid work environment. This is no longer a nice-to-have, but a must-have in today’s ever-evolving digital landscape. We recognize that this can be daunting and challenging, which is why partnering with dedicated experts that can help your organization keep your IT environment safe and secure is also key.
To learn more about cybersecurity and how CDW can help, please visit cdw.ca/security.