The growing “work from anywhere” movement provides immense flexibility for security industry professionals to take their work home, to their favorite coffee shop, or on vacations, and perform work through any device – personal or company issued. With these new workplace flexibility policies, we can build our careers in a way that supports our lifestyle. However, with the blurring of boundaries between our personal and work environments, we somehow disregard the importance of critical thinking and cyber safety.
As security leaders continue to assess the lessons learned through nascent “work from home” policies, new cybersecurity vulnerabilities have unfolded in the likeliest and unlikeliest places – from ensuring access to VPNs or secure wireless networks when connecting to devices to creating new security agreements with employees, such as a “clean desk policy” when a computer or device is left out in the open.
Smart cybersecurity policies must now account for our future of work –a hybrid between the secure networks of our brick-and-mortar offices and the open networks of our homes and public spaces. Organizations will succeed by empowering employees through adopting a “Digital Citizen” mindset, accounting for social media use on workplace devices, and encouraging employees to practice the principles of smart mobile device use, no matter how, when, or where they work.
The Digital Workplace Requires a Digital Citizenship Mindset
Security leaders are now facing a rapidly changing pace of social and digital innovation, exposing employers and home workspaces to security breaches we may not even realize are occurring. Today, corporate and security leaders can integrate “Digital Citizenship” policies to address the security risks from employee usage of social media on BYOD or company-issued devices.
Anyone who actively participates in the use of technology and engages with others via cyberspace is a citizen of the digital universe. In other words, anyone with Internet access is a Digital Citizen. Our employment depends on our reliable access to digital tools and internet connectivity. Even people who claim to be “off the grid” still have data they’re responsible for somewhere on the Internet.
Online community building and digital communication present unprecedented opportunities for global collaboration and understanding. But this comes at the risk of employee exhaustion without policies directed forward hours on/hours off, what network channels we use to communicate, and ensuring that work stays at work. Suppose an employee uses a personal mobile device or computer to access their work. In that case, it is critical that they put measures in place to not inadvertently share sensitive, private data with their colleagues or clients.
How companies define digital citizenship comes from a place of caring and empathy for being a part of a shared digital universe. Leadership and management must collaborate and decide how they want to demonstrate through thoughtful language and empathy how to integrate an organization’s missions and goals through our digital interactions. Consequently, security leaders may need to collaborate to address negative digital interactions or hostility when it occurs and stop the spread of bad practices before they impact your organization’s culture.
Like, Share, and Update Your Social Media Policies
How many of our colleagues use the same mobile device to check email, join meetings, and access social media accounts? With the click of a button, we can toggle on our phones between Instagram reels and company emails. Our computer cameras may be on, but we may never know if our colleague’s eye contact is focused on the conference room or if it’s reading a Facebook newsfeed. We all toe the line of what it means to be “present” and pay attention while in digital meetings, but when we do so, we’re not only taking our employer’s time away but also exposing our colleagues to new security risks.
Social media policies must be continually assessed and updated as we face the reality of employee social media use at work and on work devices. Social media is designed to be addictive – we have all been drawn into social media, and our time has been lost. Security leaders may need to address lost productivity from employees who are compulsively engaging on social media networks.
Linking personal social media accounts to company-issued devices also leaves a two-fold security exposure. First, the employee’s personal information is now a part of your company’s network. Should they be hacked or their accounts be compromised on their personal devices, that vulnerability will extend to any device where their accounts are active. A smart and simple policy change would be to have employees agree not to access personal accounts from corporate-issued devices.
Marketing teams increasingly rely on social media to carry your organization’s message, disseminate news, reach new customers, and drive media attention. Work with your marketing leadership to confirm that your organization’s accounts are secure, that multiple team members have access, and that two-factor-authentications are enabled. Protect your corporate brand by working with your marketing team to ensure they are not inadvertently disseminating your employees' private company information or personal identifying information.
Practicing Cybersecurity Principles at Home
Corporate cybersecurity practices can be brought home to help families engage in online networks and social media responsibly and safely. When work comes to our home offices, our families can be a part of creating a secure network. While we may not want our families to sign employee agreements when they enter our office while we’re on a meeting, we can use many corporate security principles to protect our families and their devices while we work from home.
The Digital Citizen’s Guide to Cybersecurity stems from decades of experience working with security industry leaders and provides practical information on how to build proper cyber hygiene to keep you safe online.
Our digital workplace and work from anywhere policies have been embraced by the world as we navigated a pandemic. Today, we have applied remote work best practices to drive our career development and growth further. Global connectivity, the internet, and our ability to work remotely can be a gift. Security leaders are the source for how employees can use this new way of work responsibly for us, our customers, and others. After all, cybersecurity isn’t simply a single person’s responsibility—it’s everyone’s responsibility.
About Antoinette King
Antoinette King founded Credo Cyber Consulting in 2020, providing her clients a holistic perspective on a cyber-physical security program focused on data privacy and protection. She is the author of The Digital Citizen's Guide to Cybersecurity: How to Be Safe and Empowered Online. Antoinette has been a member of ASIS since 2016 and is currently the ASIS Women in Security (WIS) Publication Committee Chair. She is also the recipient of the ASIS WIS Karen Marquez Award (2022).