How to make sure remote workers learn security skills from others – Part 2

CybSafe

We are CybSafe. We’re a British cyber security and data analytics company.

July 1, 2020

As we discussed in part one of this post, isolation restricts remote worker security.

(Read part one here before continuing.)

Remote workers can’t watch others. They rarely receive verbal feedback. 

And even if they did, remote workers tend to feel their environment prevents security – which limits their learning.

That’s all proven to cap remote worker security.

So what can you do about it?

Improve situational support

Let’s start from the bottom. 

To improve remote workers’ security, we need to improve their “situational support”. Translated, we need to make sure remote workers feel their environment aids security. 

Because let’s say we tell remote people unsecured public Wi-Fi is dangerous.

We tell them it lets people snoop. It can even reveal their passwords.

Suddenly, people lean in. They’re curious. Maybe even scared. They want to know how they can stay safe.

So we tell them to use a VPN.

But they don’t have access to a VPN. 

That’s when they disregard everything they’ve just learned.

That’s pretty much what happens when people feel their environment is working against them. It prevents learning. So security pros need to make sure remote workers have access to the resources they need.

That starts with a review of the current state of play. Review what people have. Review how accessible resources are. And ensure people know how to get to them.

This ties in with communication. Often, resource and communication policies are designed for office-based workers only. They need to work for remote workers too. Remote workers need access to processes that enable security. The processes should be easy to access with little friction. (In a recent CybSafe survey, 37% of people believed they had no working from home security policy pre-COVID-19.)

Resources and communications give remote workers a foundation. And that lets them build their security skills. 

Give verbal feedback

With step one done, get remote workers some verbal security feedback. 

Clearly, this is tricky. You don’t sit with remote workers at lunch. They get no praise for doing the right things. Often, nothing much seems to happen when they do the wrong things. 

So you can see why they might be tempted to take shortcuts.

We can encourage them not to with verbal feedback.

Feedback should, of course, meet certain standards. It should come from a credible source. It should cover not just outcomes, but the behaviours that led to outcomes.

Feedback should never dent people’s confidence. Instead, it should build it. So grade feedback based on capabilities. 

Praise small successes. Success is addictive. We like to repeat our success-inducing behaviours.

Aid observation

By definition, remote workers work elsewhere. 

So how can we help them gain “vicarious experience”?

For a start, let’s simplify the question.

How can we help remote workers see what others are up to?

Rephrased, the task seems much more achievable. Case studies, for example, would help. As would line management discussing security. 

Colleagues can share phishing emails. 

And it’s surprising how few companies promote success stories.

We need to help remote workers “see” what others are up to. 

It’s not easy. But it’s also far from impossible.

See people as a solution

Securing remote workers is a challenge. Still, it’s worth putting the challenge into perspective.

Remote workers overwhelmingly want to follow security policies. They’re not a liability. They want to help. 

So how hard can it really be?

Helping remote workers stay safe requires some thought and creativity. But it can be done.

Just look at borderless security awareness.

When done well, remote workers become another cyber defence.

 

We also want to invite you to our new ‘Borderless Cyber Security’ webinar taking place on 27th August 10 – 11:30am. Join us to discover how you can adapt to a #BORDERLESS world with CybSafe, you’ll also get:

  • Practical hints and tips you can put in place to enhance your borderless security awareness strategies.
  • An understanding of how to develop a culture that facilitates secure attitudes and behaviours in the face of change.

Sign up now.