Answered by Nick Klein, Executive Director, Digital Forensics and Incident Response
It is important that organisations talk security with their staff on a regular basis. It shouldn’t be abnormal that staff are party to, and engaged in, conversation about both physical and cyber security. It is incumbent upon organisations to look after the physical and mental welfare of their staff and it is also important for the staff to understand their obligations in helping the organisation.
In normal times, staff may have extended gaps between meetings, but with working from home, it wouldn’t be uncommon that they are going from a Teams meeting to a Zoom meeting, to a webinar to a phone call and multitasking, with no gap in between. This can lead to complacency.
The biggest vulnerability staff will have is that they click on a link, or give away details that they know they shouldn’t in the cold hard light of day. Everyone has had that sinking feeling when we thought: I shouldn’t have clicked on that link. But we can never over-communicate the importance of simple security best practices with our staff.
If everyone sees security as their responsibility, then you will see more reports of near misses: staff reporting that something weird was happening with their computer, or that they saw someone plugging in something suspicious. Often this will come to nothing, but if it is highlighted, there is a clearer picture of what is going on in the organisation.
This can be more difficult where organisations have a BYOD set-up, allowing personal laptops, personal PCs, tablets and phones to log in to the network. This increases their risk because control over that device as an organisation is by nature diminished. This presents a significant threat vector compared with a device that is provisioned and controlled by the organisation.