The changes triggered by the coronavirus pandemic are leading many companies that were not prepared for their employees working from home to accept it out of necessity, with all that this entails.
On the one hand, there are old-fashioned companies obsessed with absenteeism that never bothered to install the right technology to allow for their employees to work from home, because they never conceived of them doing so, and that now find themselves lacking the protocols, practices and tools needed to provide minimally secure channels.
Then there are organizations with paranoid IT managers who have implemented practices that were never intended to enable working from home, and who are now discovering in the new context created by the pandemic that their policies largely prevent employees from connecting to their systems.
All the signs are that the pandemic will change to varying degrees the way we work: many of the practices being imposed in organizations as part of the security measures needed to combat the spread of the pandemic will likely remain in place after it has been brought under control.
Which prompts the question: what qualities are required of corporate IT security managers? To begin with, given that we are talking about a constantly changing environment, they must be up to speed regarding the many threats to their systems and the tools potential attackers could use, along with the skills needed to understand these threats and deal with them. As things stand, the sad truth is that the majority of security managers lack even the essential skills required for the job.
But like all jobs, in addition to some essential requirements, there are other “desirable” skills, the border between which tends to be blurred. Here we have a series of criteria that have more to do with psychology than technology, but as good security experts know, they can be essential: besides the much discussed social engineering, we should mention a fundamental characteristic, called empathy. Empathy is defined as “the ability to perceive, share and/or infer the feelings, thoughts and emotions of others,” and in an area like cyber security, it is completely fundamental.
Regarding a cybersecurity officer as someone who merely dictates rules and uses certain tools is far from helpful. Knowing the people whose activity you have to supervise is fundamental and can prevent tensions and misunderstandings: the reality is that in most companies there are people who are completely ignorant in this area working alongside others who are reasonably well informed. As the head of IT, if you believe that your work is measured solely by the absence of intrusions or security problems, you are wrong: every time somebody in your organization finds themselves in a situation where they cannot access information that is essential for their work, you have done something wrong. The idea that your job is simply to prevent security breaches is simplistic, because that can be done simply by shutting the system down.
There are many aspects to cybersecurity. If you prefer to force your employees to memorize increasingly long and complex passwords and force them to change them every three months, instead of teaching them how to use a password manager, you’ll find that they simply write them down on a post-it and stick them in the place where they usually need them. If you implement a two-factor system and do not properly train people in its use, you will create situations bordering on the ridiculous. If you do not consider the impact of changing the usual practices of the people who work with you, you may leave some people without access, leading to disruption or loss of productivity.
Cybersecurity is much more than simply preventing someone from accessing areas where they shouldn’t be: it is also extremely important that people who need access can get it without having to stand on one leg while reciting the alphabet backwards. If you run a company, and in an exceptional situation like the present one, you find yourself faced with a wave of protests from the workforce claiming that your security protocols are preventing them from doing their job normally, you probably have the wrong security manager.