Cyber and Privacy Risk and Insurance

The Importance of (Remote) Security Culture in Mitigating Risks

Mark Lanterman | December 11, 2020


When looking forward to the new year, it is important to take into account how your organization prioritized cyber security, implemented policies and procedures, and managed security culture in 2020. COVID-19 brought about many unprecedented challenges, one being a shift toward remote work.

Months into the pandemic, many of us continue to work from home. It is critical that cyber-security practices in our organizations be consistently reviewed and assessed to maintain optimal security while also allowing for efficiency, ease of use, and efficacy. When we are away from our physical workspaces, it is important to consider how we manage personal security in our home offices.

It is undoubtedly much more difficult to shape security culture when employees work from home. However, top-down management support and leadership remain the critical factor in establishing a strong security posture; conveying expectations and reviewing compliance are ongoing. Some critical areas to consider in your review may be the utilization of two-factor authentication, best practices for using cloud technologies, cyber-threat awareness and training, cyber-event reporting, software updating, and verifying that employees use approved dedicated work devices.

Secure Routers

One important aspect of our ability to work from home is ensuring a strong Internet connection, but if that inexpensive router you just found online seems too good to be true, it just might be. A recent CyberNews article revealed glaring security issues in cheap routers available through retailers like Walmart and Amazon: "suspicious backdoors have been discovered in a Chinese-made Jetstream router…. This backdoor would allow an attacker the ability to remotely control not only the routers, but also any devices connected to that network." 1

The article concludes by advising those who currently have the routers in question to stop using them and to do a deep clean of any connected devices; it also recommends that if you were considering buying one of these devices, choose another company instead.

Security Has Its Price

The Internet of Things poses a number of threats to our security. While organizations may document remote work devices, it is important to provide employees with guidance regarding their Wi-Fi connections. It is also recommended to use virtual private networks while working remotely.

As consumers with a myriad of buying options, it can be tempting to focus on price over all else. However, as is the case here, it pays off in the long run to purchase devices from well-known companies with a potentially higher price point. Though no Internet-connected device is ever immune from the threats that we face on a daily basis, this is a more cautious route. It is helpful to do your research before purchasing, and if you are having trouble finding a lot of information about a given product, it may be a sign that it has its problems.

Staying apprised of cyber-security threats and trends, and communicating this information to your organization, assists in better identifying potential issues. Organizations should provide regular education to employees about cyber threats and how to report incidents.

The least expensive option in the short term may end up costing a lot later. It is important that organizations provide guidance to employees when it comes to remote devices and technologies, as well as information on cyber-security best practices. Managing a number of different remote environments requires constant vigilance and participation, as well as training and education. A sound culture of security extends beyond the physical workspace; however, it requires extra work to maintain and improve.


Opinions expressed in Expert Commentary articles are those of the author and are not necessarily held by the author's employer or IRMI. Expert Commentary articles and other IRMI Online content do not purport to provide legal, accounting, or other professional advice or opinion. If such advice is needed, consult with your attorney, accountant, or other qualified adviser.