Companies often struggle to create and enforce robust cybersecurity strategies, partly because compliance varies among employees. This inconsistency could be caused by the specifics of job roles within the company that might make policies more or less inconvenient to employees based on their position. In addition, different levels of security awareness and technical skills across an organization can create further security challenges.
With the majority of employees now being forced to work from home, those security skills gaps are now even more apparent. If employees struggled to follow cybersecurity protocols in the office, they might have even more difficulty when they’re at home. These days, it is not uncommon for professionals to be working alongside their children, who are likely either loudly taking part in Zoom calls and Duolingo sessions, or boisterously playing, nearby. Even without children in the picture, folks adjusting to a remote work environment may be more distracted and disciplined than they are in the office.
MSPs that want to ensure their employees are adhering to cybersecurity programs, or improve their clients’ ability to do the same must make the following security practices part of their hiring and training processes.
Invest in training: Provide regular cybersecurity training for all employees — veterans and new hires — from the C-level down. This improves cyber awareness, and periodic refresher training (which can be conducted in person or online) will help keep everyone up-to-date on the latest threats.
Refresh and modernize your security technology: New security tools that leverage artificial intelligence and machine learning can help reduce risks by eliminating human error in identifying potential threats. These solutions also help determine which employees are more likely to become victims of a phishing scam or other type of attack, and then recommend additional relevant training for those employees.
Regularly test for security gaps: Even with technology and training in place, employees will still make mistakes. Conduct regular tests of your network to check for potential vulnerabilities and threats. It’s just as important to test your work products — whether that involves testing code or running attack simulations on the systems you’re providing to your customers. MSPs are increasingly becoming a target of cyberattacks because they provide a gateway to other companies’ networks. Regular testing can help prevent your company from becoming a platform for phishing or ransomware attacks.
Expand your recruiting channels: While cybersecurity experts are few and far between, there are non-traditional channels that could provide you with employees who can quickly be trained in cybersecurity. Veterans or those with law enforcement training, for example, often have transferrable skills.
Do your due diligence during the hiring phase: Background checks and reference checks are just the beginning. When evaluating new hires, you should also try to get a picture of their cybersecurity IQ and explain expectations and policies. Emphasizing the importance of security training and following protocols right from the start will provide an excellent foundation from which to build. Make it clear that security is vital to your company and will need to be taken seriously by anyone joining the team.
Create a robust professional development or upskilling program: Ongoing security training can also provide a way for employees to continue their professional development, build new skills, and generate opportunities for advancement. Online training tools can be used to create upskilling or certification programs that allow employees to opt-in and work at their own pace. These solutions can also provide data that will help identify employee strengths and weaknesses. With that information, managers can help guide employees to the best opportunities, while also ensuring they have been provided with updated security information and tools.
In a remote work environment, these strategies are even more critical. Hiring and managing remote employees requires a high level of trust and confidence in their ability to work safely and adhere to cybersecurity processes. Right now, almost every MSP is managing a remote workforce, whether they ever planned to or not. You can significantly enhance that trust by creating a security-centric environment through improved training and technology.
Nathan Bradbury is Manager of Systems Engineering for Barracuda MSP, a provider of security and data protection solutions for managed services providers.
