enterprisesecuritymag

Biggest Risk - People or Technology?

Deana Elizondo, Director, Cyber Risk & Security Services, American Electric Power

Deana Elizondo, Director, Cyber Risk & Security Services, American Electric Power

2020 has been a year we will never forget. The COVID-19 pandemic sent many employees to work from home and find new ways to be effective in a virtual environment. We’ve had to make adjustments to our security practices while keeping our #1 focus on our employees – our most valuable asset. How do we ensure the mental and physical well-being of our employees when we are no longer seeing each other on a daily basis? It’s critical to stay connected, keep the culture alive, and make everyone feel they are a valuable contributor to the team and company mission. We have increased the frequency of team meetings and individual discussions and are taking advantage of collaborative tools.

One of the biggest security risks in this new working environment is data protection and data loss. As long as you are connected to your company’s network, you have built-in protections. But what happens if you need to print a confidential document without a work printer? Do you allow printing to a personal printer? Having solid security policies and standards in place will certainly help, but most likely you will need to write a few new ones. We’ve also had to increase education and awareness around unauthorized access to confidential or sensitive data that is now in the home instead of the office. If an employee’s role requires the handling of confidential or sensitive documents, you may need to require a dedicated work space, clean desk policy, secure data transmission, encrypted PCs, and privacy screens.

Most companies were working on initiatives knowing the future of work will look different than a traditional office environment. Little did we know we would be thrust into that world immediately and with no warning. What might have been a temporary work situation will become the new norm after the pandemic is over. Work teams have proven they can be just as effective, if not more so, in a remote work environment. However, these new working arrangements can bring new challenges, such as keeping company culture alive and employees engaged. Are managers trained and equipped to lead remote teams? If not, it’s important to provide training and mentors. What about the process of on boarding and training new employees remotely? Micro-training and assessments are good options to gauge progress and determine next steps.

On the plus side, a more permanent remote strategy expands the geographical area of your talent pool. When this is done right, the benefits can include higher retention, increased productivity, and more successful recruitment of hard-to-find skilled or niche security resources. Employees who are strong communicators and collaborators will be successful in this new remote working environment. Although they will miss the direct people interaction, they will get the job done. Reducing security risk is always a top priority for any security team, but our #1 focus should remain on the people. Make sure they feel included, nurture the sense of teamwork and provide career development opportunities. By managing security and people risks, we can continue to be successful in this new world of work.

Read Also

How to Leverage Zero Trust to Combat Fraud

How to Leverage Zero Trust to Combat Fraud

John Kupcinski, Director, Information Security Transformation, Freddie Mac
Mitigating Cybersecurity Risks

Mitigating Cybersecurity Risks

Giuseppe Donvito, Partner, P101 Ventures ("P101")
The Evolution of Cybersecurity in the COVID-19 Era

The Evolution of Cybersecurity in the COVID-19 Era

Cedric Gourio, Chief Information Security Officer, Allianz Partners
The Key Practices to Reduce Turnover and Shorten Time to Fill Positions

The Key Practices to Reduce Turnover and Shorten Time to Fill...

Dave Stirling, Chief Information Security Officer, Zions Bancorporation
In 2021, the Last Thing We Need is Another Security Tech Hero

In 2021, the Last Thing We Need is Another Security Tech Hero

Henry Mason, VC Investor, Dawn Capital
 Are You an Information Security Manager?

Are You an Information Security Manager?

Jana Puskacova, CISO, Slovnaft