The Cybermaniacs Intro to the Hacker Ecosystem The stereotypical view of a hacker is a young man living in his mother’s basement and hacking into...
Moments & Risks in Securing Your “New Normal” Workforce for 2021
remember when we could comfortably say 2018 and 2019 were "simpler times?"
Thanks to the Pancession, Panicdemic, and Murder Hornets, 2020 is shaping up to be a real kick in the nether regions. Remote Teams, Virtual Work, Gig Economy, Demographic Change, and more face all businesses to leverage as strengths or mitigate shortcomings.
Here is a hybrid perspective between HR & Cybersecurity to help small businesses plan for the future post COVID. Hopefully, post COVID.
Before the pandemic and economic crisis, cyber security was a major threat to business growth, continuity, and even survival. 60% of small businesses that suffered from a major data breach were out of business in less than a year. The average breach took 2 weeks to recover to a semblance of normal business operations, many companies had to inform customers about breaches and destroyed years of trust in a flash.
You may have had this happen to your company, you may have heard it on the grapevine- small businesses being taken down by cybercriminals, wire fraud, and even state-sponsored malicious actors- basically, it’s not an urban myth anymore.
Recovery and a path to stability for the rest of 2020 and into 2021 need to encompass the traditional business fundamentals (bring in the revenue, stabilize the operations, focus on the core, or pivot to a new market) and the new business fundamentals (agility, harnessing data, leadership/culture, and cybersecurity). To NOT consider your company’s security, and as 80% of breaches are caused by humans doing what humans do, to NOT consider your staff’s ability to defend your business from attack, breach, fraud, theft, hacktivists, and more…. Is like being the character from a horror movie that doesn’t have a name and thinks it’s ok cause the zombies won’t get him and they kill him off in the first scene.
30 Million + Unemployed = Buyers Market
As of the end of May 2020, the United States has over 30 million people unemployed. The very tight labor market of the past few years tipped the balance in favor of the workers, with benefits and salaries, perks and bonuses starting to get almost "dotcommey" in inflated puffery.
The crisis forced many out of business, and many more to furlough workers and search for financial bridges. When the recovery starts to move, companies will have two new things to consider: Available talent at better prices (for the company), and possibly sourcing that talent from a wider geographic area if they are able to continue with remote work.
“We are being thrust into an economic vortex the likes of which we have never seen before, nor have prepared for. I have been prepping my clients for what the talent market will look like for the balance of 2020 (which is a wash) and for 2021. The fact is, the currency of candidates will be ample, with stacks of resumes to choose from and the smart ones are going to entertain opportunities at 20-30% below market rate. My advice is take the opportunity, help rebuild the struggling economy and be part of the market reset, which will recalibrate itself over the next several years. It’s not ideal, however, “you gotta’ be in it to win it” says Angelo D’Agostino of HCG Advisors a full suite HR Consultancy for SME.
Human Cyber Consideration
Securing remote workers and especially those who work at home requires different approaches- both technical in terms of their access and information work, but also in terms of security. Our security postures change based on the environment and emotional state- if your organization will be one of the many maintaining remote work as a modus operandi for the future- that new context should be reflected in your learning paths and content.
Tap Into The Gig Economy
More companies will tap into the Gig Economy. In the past 10 years, the growth of the gig economy and contract work has grown, offering freedom and flexibility for many untapped sources and allowing specialists to create highly tuned niches of talent. Forward-looking small and midsize companies will harness this talent to accelerate their recovery and stability, with more virtual C levels, partial roles, service stacks, and freelancers helping out as needed.
Securing this wide range of people, skills, information access, and supporting technology is a real challenge. Last stats from 2018 show that only a quarter of small and midsize businesses do any training on security awareness. Thinking that your contractors, partials, freelancers, and other gig workers aren’t ‘in’ your business if you give them ‘access’? Don’t be ridiculous.
Human Cyber Consideration 2
One size fits all training often skips over contractors, and many small to midsize businesses have yet to implement workflows and services to better manage access to information and systems. How will you ensure the levels of safety and security needed for everyone who accesses your information and data? Think about how you can bring contractors and temporary workers into a secure mindset the first day they start their work.
Mass Retirement = Demographics Workforce Shift
Early stats are showing that we may see mass retirement due to this crisis, shifting the demographic makeup of the workforce to Gen X, Millennials, and Gen Z. We’ve written about how to secure your Millenials HERE.
Angelo says : “Given the fact we are facing the highest unemployment rates in modern times, the stats show what is truly a natural progression for the active workforce. In many ways, this pandemic has positioned us uniquely to attract, grow and retain the incoming workforce. I like to refer to it as “the shift” (whether allowing work from home scenarios, which is not optional at this point, or offering benefits/perks that are non-traditional but have come to be expected from this new crop of workers, it really has become battle of the fittest (a modern day hunger games for talent) all taking place in a post-apocalypic future, or as we know it, 2020…and who doesn’t want to be a winning ‘tribute’?!”
In light of the differences in technology consumption patterns, views on privacy and personal data, lack of institutional trust, valuing authenticity over tradition- there are significant considerations to discuss as a company about your risk profile when you put your company’s technology and data in the hands of new generations.
Human Cyber Consideration 3
Writing governance and policy from a demographic and values standpoint and ensuring messaging engages the audiences you are speaking to. Many times we write the same message in three or four different ways, to deliver maximum impact and minimum change resistance- The art of persuasion and influence starts with knowing your audience, and through 2020 and 2021 consider how your internal workforce demographics will shift.
The Final Word
The hardest part of the change, which goes against the way human brains work, is not using the thinking skills and hard-earned truths that got you to the successful place you are today. What your business ‘did’ to be successful across all functions may need to change. Revenue is still king, but how you go after that revenue and where it comes from could change. Risk is still there, but what you prioritize to hedge against and how you strategically consider your defensive positions should change fast.
Here are 3 practical things to consider enacting today to prepare your company for survival and even growth during the economic recovery. Keep your employees cyber safe, productive, and happy- you have a better chance of staying in business.
3 Things to Do Now
1.Consider a more holistic approach to developing digital skills and cyber security awareness at your company than just phishing training.
2.In a buyers market of talent, will you be able to source new team members virtually, rather than require an in-office presence? If your company has the digital capability to do so, using contract and remote work can keep operations running for less operational capital, as long as security and access are properly considered as a first step.
3.Review policies and your 3rd party supplier agreements to make sure your business is future-proofed for accelerated digital transformation and security needs. They don’t need to be complex, but putting the rules of the road clearly for employees and having alignment with your service providers is a key step of maturity toward digital, remote, and virtual success.
More from the Trenches!
What is the Value of a Holistic Cyber Security Perspective? Most cyber security products and training focus almost entirely on phishing attacks....
6 min read