How to treat employees like adults if they behave like children

In January 2020, employees around the world were debating business decisions in brick-and-mortar meeting rooms and chatting around water coolers. A few months later, they…

Security Center of Excellence profile picture
Security Center of Excellence

August 26, 20205 minute read

In January 2020, employees around the world were debating business decisions in brick-and-mortar meeting rooms and chatting around water coolers. A few months later, they were working from home, sometimes using personal phones, PCs and other devices to do their work.

This rapid shift in working patterns and locations immediately highlighted some deep-rooted security shortcomings of the new “WFH”.

Insecure and unprotected Wi-Fi. Out-of-date – or totally absent – antivirus software. VPN setup challenges. Uncertainty over how to safely share confidential client data while family members used the same network—and sometimes the same devices—to do homework, play games and stream movies.

For organizations that want to be better prepared for future business disruption, whatever the cause, getting remote work right requires companies to put security at the heart of everything they do. And it must be done in a way that’s simple and straightforward for employees while removing any temptation for employees to take naïve shortcuts or make uninformed mistakes.

Current cyber security challenges

The rush to remote working put a spotlight on all kinds of security problems: people opening phishing emails about COVID-19 “breaking news,” using personal email accounts and insecure personal devices for work matters, ignoring company policies on how to share sensitive data, and more. But these problems aren’t really new.

Study after study has shown that busy employees – wherever they work – have little time or patience for security that slows them down or makes things more complicated. Many aren’t even familiar with their company’s security best practices. The research also shows that stricter policies and training don’t necessarily translate into better employee security habits.

Bottom line: too often, organizational security policy differs from employee security practice.

This creates big challenges for enterprises looking to secure every endpoint, ensure reliable backups, prevent viruses and phishing attacks, and protect confidential business documents and information. And doing all of that is vital for resilience.

Smarter, more resilient security

What’s the solution? While it might seem counterintuitive, organizations improve security and resilience when they “stop trying to fix the user” and fix the system. That is, when they start making it easier for people to work, rather than locking down devices and systems even more tightly.

This means making security seamless and invisible. Not having to think about security means employees don’t have opportunities to bypass security—it just happens. This is now possible thanks to advances like automation, machine learning and artificial intelligence. For example, OpenText’s Webroot Platform uses these technologies to continually watch for and identify threats – known or unknown – and proactively protect data.

Businesses can also boost their resilience by applying the same seamless thinking to data backups, document management and collaboration. At OpenText™, we recently rolled out Carbonite Endpoint to all OpenText devices, without requiring employees to take any action.

OpenText IT was able to seamlessly deploy Carbonite Endpoint to over 12,000 users in under three weeks. Even with the pandemic and staff working remotely, we were quickly able to protect all our endpoint data while bringing peace of mind to staff.

Danny Torchia, VP, Corporate Technology, OpenText

Using Carbonite Endpoint, OpenText can now automatically back up data from work devices onto the cloud. The application was installed automatically on employee devices and runs continuously and invisibly in the background, regardless of which device users are working on, because accounts are user-based not device-based. This is an example of how to make security seamless and automated for your employees.

Taking steps to improve procedures and documentation also protects organizations for the long term. By making processes – as well as information – more secure, businesses improve their resilience, come what may.

Secure working means more than cyber security. It requires cyber resilience, or “the ability to defend against attacks while continuing to do ‘business as usual’ successfully”. Cyber resilience protects your entire organization – its data, its systems, its people and its ability to operate – no matter where your employees are located. This mitigates risks and ensures business continuity. It’s a more strategic way of thinking that enables your company to better expect the unexpected.

Knowing that 100% prevention of cyber compromise is not possible at present, resilience for the modern enterprise also includes the ability to limit the impact of a cyber-attack and recover quickly. OpenText™ EnCase™ Endpoint Security enables rapid detection of a cyber compromise from across the enterprise, and enables rapid response to ensure threat eradication and recovery. Data breaches often take weeks or months to develop and mature, leaving a critical window of time for organizations to discover a growing compromise before it escalates into a debilitating breach.

Learn more about how EnCase can help your security team detect advanced cyber threats or targeted cyber-attacks across an enterprise IT environment, and then confidently and comprehensively respond to return your environment to a trusted state. Discover how OpenText can make it easier for people to work securely and seamlessly as you invest to recover from the business disruption caused by COVID-19.

Share this post

Share this post to x. Share to linkedin. Mail to
Security Center of Excellence avatar image

Security Center of Excellence

See all posts

More from the author

Threat alerts

Threat alerts

December 2021 December 14, 2021: Log4j Summary: Top US cybersecurity officials have warned of the zero-day vulnerability found in the Java logging library Apache Log4j….

1 minute read

Lessons from the SolarWinds attack: How to protect your business

Lessons from the SolarWinds attack: How to protect your business

By the time it was discovered in December, the SolarWinds cyber attack had evaded the security defenses of and penetrated at least 18,000 government agencies,…

5 minute read

The HAFNIUM Attack on the on-premises Microsoft Exchange Server

The HAFNIUM Attack on the on-premises Microsoft Exchange Server

On March 2, Microsoft announced that its on-premises Exchange Server had experienced multiple 0-day exploits. Microsoft commented: “In the attacks observed, the threat actor used…

3 minute read

Stay in the loop!

Get our most popular content delivered monthly to your inbox.