With the redesign, companies and organizations need to rethink the IT security strategy.
This is necessary insofar as, thanks to the first containment, we have been able to observe that real failures existed in the management of cybersecurity as a whole. In this condition the club of computer security professionals, the Clusif (French computer security club) continues to provide recommendations and tips in order to help entities prepare. Because the real challenge always remains.
This article will also interest you: The coronavirus pandemic and security strategies in a company
The French Information Security Club is keen to address the "major human dimension" of computer security, especially at the level of remote work which has become standard or obligation under certain professional conditions. It is for this reason that the Clusif calls on the institution and company managers not to neglect the "mental overload" of their employees.
With many influences, be it the general regulation of data protection, the Edward Snowden spying scandals, cybersecurity present themselves as a very important aspect today for all organizations. However, if every time the issue is addressed, it is referred to only to technical aspects and the thing, the well-being of those involved should not be overlooked. In a recently published paper entitled "Cybersecurity Telework and Collaborators: New Balances," the working group behind the study explained that it had "voluntarily focused on the human aspects of telecommuting and new uses of digital technology in relation to cybersecurity," in contrast to "many publications [qui]have flourished, making technical recommendations to enhance the security of digital tools."
"A (unfortunately) seasonal publication that puts the human at the centre of the issue," the head of the working group, Pierre Raufast, put on Twitter.
"Reconfinment reinforces this certainty: the well-being and safety of employees are not decreed, they are built," says Rayna Stamboliyska, a member of the working group. The "shared conviction" of the specialists who worked on the issue discussed in the document is that in this new telework context, because of the containment, "more than ever, the collaborator is the main player in security" because it should be noted: "Stressed people are more vulnerable to social engineering" according to the Clusive. Indeed, the Information System Security Manager (RSSI) "is primarily a digital risk manager" who must complete two major missions that have a "major human dimension. " On the one hand, he must be able to focus on the technical and operational aspect of his organization's IT security. On the other hand, it must ensure that its employees are sufficiently in a situation of well-being to be able to work effectively. It must therefore inquire about the "well-being of employees and the psychosocial risks that make them more vulnerable"."
"The lack of communication and "physical" contact can be anxiety-inducing," the report says: "The change of place and rhythm as well as the mental load can lead to increased stress, a situation of exhaustion and lead to burnout." However, "tired, worried, stressed people are more vulnerable targets for social engineering," while the number of computer attacks to increase in a context where remote work between can "cause mental overload and increase employee vulnerability," the report notes.
Moreover, "the employee should not be seen as the 'internal threat', but rather as an essential link in security. ». Nevertheless, the French Information Security Club notes that, looking a little further than the formal aspect of COMPUTER security, "the complexity of the solutions and the ambient misunderstanding around new technologies make people more vulnerable to fake news"." A situation that is likely to "generate damage to the reputation of the company. ».
As a result, managers must be "attentive to the mental overload, stress or distress of their employees." Following a survey of human resources managers, there was a real lack of "psychological support during confinement and since its release". But it has to be absolutely.
Now access an unlimited number of passwords: