Risky online behaviors to avoid for a safe hybrid workplace
Hybrid work models are here to stay. Thanks to progressive vaccination rollouts, life in countries like the UAE and Saudi Arabia has largely returned to normal. But it’s highly unlikely that all organizations will ever fully return to pre-pandemic work models where employees were expected to work from an office all the time.
In a recent virtual roundtable discussion with security leaders in the UAE, hosted by Mimecast, participants discussed the impact of hybrid work models on their overall security posture and cyber resilience. According to participants, employees working from home pose security challenges that many organizations are yet to fully understand.
While it is tempting to simply deploy new technologies to keep remote users safe, this can lead to a cluttered security environment that becomes near-impossible to manage effectively. Keeping things simple and working to perfect processes could yield better results in protecting the organization from the wide array of modern cyber threats.
In the education sector, most places of learning still rely on online learning. Here, the use of virtual private networks (VPNs) with multi-factor authentication helps enable students and teaching staff to connect to online learning securely.
In most cases, however, it is the behavior of the employees or end-users themselves that poses the greatest risk to an organization’s overall resilience against cyber threats.
The critical role of employee behavior
As the last line of organizational defense, employees play an invaluable role in protecting the organization from attack. The pandemic initiated a stunning rise in the volume and sophistication of cyberattacks, putting employee behavior front and center in the fight for greater cyber resilience and security. In the latest Mimecast State of Email Security report 2021, 39 percent of organizations in the UAE reported an increase in internal threats or data leaks initiated by compromised, careless or negligent employees.
Half of UAE organizations were also hit by an attack where an infected email attachment spread from one user to other employees, while 43 percent reported the same for emails infected with malicious URLs. Seventy percent also said they believe there is a risk of an employee making a serious security mistake using their personal email.
Putting the organization at risk
Organizations in the UAE face particular challenges with employee behavior. In research conducted in 2020, respondents from the UAE reported the greatest use of company-issued devices for personal activities among all countries surveyed. Nearly nine in 10 (87 percent) respondents in the UAE said they use their work-issued device for personal activities, against a global average of 73 percent.
In response, organizations across the region are prioritizing cybersecurity awareness training. In fact, all organizations (100 percent) surveyed for the State of Email Security research conduct some form of cybersecurity training, with nearly half (47 percent) providing training on at least a monthly basis.
However, organizations should not be lulled into a false sense of security. Awareness training alone cannot protect the organization from employees engaging in risky behavior. In the same 2020 study into personal use of work-issued devices, every respondent from the UAE said they were aware that links found in emails, on social media and in websites can infect their devices, and yet 61 percent said they opened suspicious emails nonetheless.
Organizations need to embark on a continuous process of regular, effective and engaging cybersecurity awareness training to help employees avoid some of the common behaviors that could put them, and the entire organization, at risk.
Risky behavior to avoid
Never click on unknown links in emails. Threat actors habitually embed malicious links that could expose the user to malware and other threats. These can easily spread from one user to another and cripple organizational defenses.
Never open or share email attachments unless you are 100 percent sure that you trust the sender, that the sender is not being impersonated and that the attachment is not malicious.
Don’t use your work device for personal activities. The more a work device is used for non-work activity, the greater the risk that the user unwittingly shares sensitive information, clicks on malicious links, downloads malware or otherwise exposes the organization to cyber threats.
Don’t reuse the same password across multiple accounts. If you log in to your personal email with the same password you use to access work systems, you could inadvertently expose the organization to a data breach. Use unique passphrases for every service to avoid the risk of having multiple accounts compromised by one successful breach.
Take additional precautions with securing home WiFi networks. Employees are increasingly using their home networks to access work systems, and these networks are often less secure than enterprise networks. Ensure you have adequate security measures in place to protect your personal network.