check that it’s working, and be prepared
to spend time online helping them fix
things if they go wrong.
If their security software produces
warnings that you know they will have
seen, make sure you review those
warnings too and let your users know
what they mean and what you expect
them to do about any issues that
may arise.
Don’t patronise your users but don’t leave
them to fend for themselves either – show
them a bit of cybersecurity love and you
are very likely to find that they repay it.
Make sure they have somewhere
to report security issues
If you haven’t already, set up an easily
remembered email address where
users can report security issues
quickly and easily.
Remember that a lot of cyberattacks
succeed because the crooks try over
and over again until one user makes an
innocent mistake – so if the first person
to see a new threat has somewhere to
report it where they know they won’t
be judged or criticised (or, worse
still, ignored), they’ll end up helping
everyone else.
Teach your users – in fact, this goes
for office-based staff as well as
teleworkers – only to reach out to you
for cybersecurity assistance by using
the email address or phone number
you gave them. (Consider snail-mailing
them a card or a sticker with the details
printed on it.)
If they never make contact using
links or phone numbers supplied by
email, they are much less likely to get
scammed or phished.
Make sure you know about
‘shadow IT’ solutions
Shadow IT is where non-IT staff find their
own ways of solving technical problems,
for convenience or speed.
If you have a bunch of colleagues who
are used to working together in the
office, but who end up flung apart and
unable to meet up, it’s quite likely that
they might come up with their own ways
of collaborating online – using tools
they’ve never tried before. Sometimes,
you might even be happy for them to
do this, if it’s a cheap and happy way of
boosting team dynamics. For example,
they might open an account with an
online whiteboarding service – perhaps
even one you trust perfectly well – on
their own credit card and plan to claim it
back later.

It’s vital not to let
the precautions
intended to protect
the physical health
of your staff turn
into a threat to their
cybersecurity health
at the same time.

The first risk everyone thinks about in
cases like this is: what if they make
a security blunder or leak data they
shouldn’t? But there’s another problem
that lots of companies forget about,
namely: what if, instead of being a
security disaster, it’s a conspicuous
success? A temporary solution put in
place to deal with a public health issue
might turn into a vibrant and important
part of the company’s online presence.
So, make sure you know whose credit
card it’s charged to and make sure you
can get access to the account if the
person who originally created it forgets
the password, or cancels their card.
So-called ‘shadow IT’ isn’t just a risk
if it goes wrong – it can turn into a
complicated liability if it goes right.
Most of all, if you and your users
suddenly need to get into teleworking,
be prepared to meet each other half way.
For example, if you’re the user and your
IT team suddenly insists that you start
using a password manager and 2FA
(those second-factor login codes you
have to type in every time) . . . then just
say ‘sure’, even if you hate 2FA and have
avoided it in your personal life because
you find it inconvenient.
And if you’re the Sysadmin, don’t ignore
your users even if they ask questions you
think they should know the answer to by
now, or if they ask for something you’ve
already said no to . . . because it might
very well be that they’re asking because
you didn’t explain clearly the first time, or
because the feature they need really is
important to doing their job properly.
We’re living in tricky times, so try not to
let matters of public health cause the
sort of friction that gets in the way of
doing cybersecurity properly.
www.intelligentciso.com | Issue 24