Organizations of all sizes are being impacted on a day-to-day basis by the policies required to fight COVID-19. Security is a human challenge that requires an understanding of the drivers that people face. This series looks at the people impacted by the current crisis—their priorities, the impact on their lives, and how their circumstances can impact the security of the organizations they work for.
Isolation means more than just being at home and getting your job done. The impacts of such a massive reduction in the variety of people’s lives are affecting us all in different ways. Lots of different parallels can be drawn to other forms of isolation and the impact on human beings. One that interested me is the subject of astronauts.
Of course, none of us have to deal with gravity changes, the prospect of being sucked out an airlock, or solar storms irradiating us, but the parallels of a repetitive routine, limited exposure to varied environments, and human interaction—combined with spending all our time in one place—are relevant. NASA goes to great lengths to keep astronauts in contact with their friends and family. They provide them access to social media accounts, video conferences for communicating, the latest TV seasons. They are encouraged to take up hobbies–sound familiar?
All of this is for the astronaut’s well-being. The goal is to ensure they are effective and do not make mistakes, the greatest risk for them in their fragile environment.
The current situation presents similar challenges for our employees: the limited variety of the day-to-day, absence of time to think and digest when commuting or the decompress during downtime at home are no longer present–all things that are vital for objective thought and situational awareness. Normally, these things are what stops us from making any mistakes that can cause security breaches.
The need for awareness is more important than ever. It’s not news to anyone that attackers are leveraging the current situation for their own gains, as seen in the increase in phishing attempts. People are much more likely to click that link in an email. Users are even more likely to be making use of security workarounds to get the job done.
With the distractions and increased confusion for people working from home, and increased stress across the board, we can borrow a trick from NASA and provide near-constant re-enforcement.
Many organizations are having more frequent all-hands calls. Make time during each one for some quick security messaging. If that’s not possible, team leaders can give a few minutes on their calls to remind people of vigilance. Security leaders can give them a quick set of bullet points to reinforce.
Make internal communications stand out:
- Quick recorded video messages may be more effective than dry emails that are prone to be skipped over.
- Make messages very clear—stick to bullet points and simple advice.
- Try and introduce some humor that gets across a point. Everyone needs a laugh right now and there are lots of comedic security images and comics that help.
Employees are much more likely to miss phishing attempts amongst all the disruption. Acting fast to make employees aware of a risk is critical. They don’t have colleagues around them to help organically with this: Enable IT teams to email the whole company immediately when they become aware of threats, either from external or internal sources.
In the end, our teams are mostly in unfamiliar territory. Any support we can give that negates potential misunderstanding or confusion is going to protect the organization from attacks; and therefore, protect the business.