HR has a tough task ahead in recovering from the Great Resignation and a pandemic that devastated the working environment worldwide. Job openings are at a record high, yet one in five employees globally plan to quit their jobs this year, continuing an unprecedented labour crisis. Staffing shortages have caused supply chain issues, compromised safety in the healthcare industry, and overwhelmed employees, highlights Will Plummer.
Staffing shortages are a big security risk, too. There are nearly 600,000 unfilled cybersecurity positions. Plus, your existing employees are tired, burnt out, and overworked. Tired people are just more prone to making mistakes, through no fault of their own. Frustrated employees can deliberately or unknowingly be the source of bringing packages or items into the company that present a security risk as well.
If you want to patch that security gap and help solve the labour problem, you have three options: You can open up options for remote and hybrid work in hopes of filling up those empty spots. And you can use technology to take up the slack and improve security.
Remote or hybrid work results in unexpected cybersecurity gaps
Being able to work in a hybrid or remote environment is a top benefit many employees seek, so providing those options can help with short staffing in the short term. Since the pandemic already caused many organizations to bring in remote employees, and by now a significant portion of the workforce is either working from home or participating in a hybrid work model, remote or hybrid work seems like a natural trend that may help solve understaffing. Unfortunately, phishing and ransomware attack numbers increase with remote work as hackers take advantage of largely unsecured devices and insufficient account access controls.
 |
Get our essential daily HR news and updates. |
It would not be terrible if everyone simply worked from home. But part of the problem is the hybrid work trend. Companies have to maintain a physical office presence, but there might not be enough workers to keep an eye on it. Hybrid working introduces a unique element of unreliability and instability, where oversight decreases and therefore risk increases.
To illustrate how this could be a risk, consider how hackers can build a cheap “warshipping” device – basically, a simple, internet-enabled mini-computer sent through the mail to launch an attack on the company’s computer network. A hacker might send in a warshipping device on a Monday and have it sitting in a company’s mailroom until someone comes back into the office on a Friday. That’s four days of gathering data and exploiting vulnerabilities.
As another example, many employees have packages shipped directly to the workplace. Those packages might sit on desks for days or even weeks until they come into the office, and in the meantime, a package might contain a warshipping device. All in all, remote or hybrid work isn’t a sufficient answer to the problem, and it can actually increase risk.
Education can help boost retention
Better education on the other hand can help with both security and retention. Nearly nine out of ten HR managers see the need to improve workplace training. Such training can bring better upskilling and boost retention rates. It gives employees room to grow, and proper cybersecurity training can help reduce vulnerabilities and risks.
The question remains, how do you improve training without burdening your staff? Your cybersecurity team is not there to teach the rest of your staff, and when there are labor shortages, it’s not easy to find someone to fill in the training gap. Do not ask your employees in-house to put that burden on top of their considerable duties.
Instead, you might invest in a technology or outside service that can train the rest of your staff to minimize risks or provide opportunities for upskilling. For example, outsourcing training to experienced security personnel might mean the difference between an employee making a bad choice that compromises your network, or knowing not to. Plus, many training/education websites have specific offerings for businesses to train multiple employees 100% remotely at reduced rates.
How technology can help
Let’s paint a picture of where we are so far. You’re understaffed. The staff you do have are overworked. People come into the office only occasionally. You’re aware that all of this causes security risks, but your options are limited. You’re probably doing everything you can to hire new talent, so there is no recourse there.
You cannot stop the hybrid or remote model because that is a surefire way to lose more staff who are determined to maintain the workflows they began during the pandemic. Yet, hybrid or remote work is definitely not a total solution to the staffing problem, and it can bring security issues. Education can help, but it is also not the whole answer.
Next, you can look for technological tools that can help you increase retention rates and improve security and safety even during labour shortages.
1. Carefully scan for threats, beyond email
Most companies already have a big budget focused on cyber security and cyber vulnerability scanning. One critical area is a network or email scanning service, which can help prevent many phishing attacks by scanning emails and URLs for malicious content.
The reality is, every company is aware of cyber security threats, so it’s important that you do not forget about the physical world, either. Postal mail security is an area that organizations are likely to bypass. But, you can also perform simple checks or mail scanning for packages that come to your mailroom to reduce the chances of a warshipping device accessing your systems. For example, any packages that have a wrong address should be returned immediately. Hackers will sometimes deliberately put a wrong address so that the package will be returned to the sender after several days of collecting information through a warshipping device. Let’s make it as hard as possible for them to get access.
2. Automate and standardize response and remediation for all threat types
It is always good to plan for a worst-case scenario. Especially if you’re short-staffed, a successful cyber attack can tie up your cybersecurity team for weeks, which puts your company even more at risk. There are detection tools available that can go a long way to setting you up for a proactive response vs reactive. You can also implement standard operating procedures across the organization for how you respond to and recover from all types of threats, cyber and physical, in order to streamline workflows and reduce the damage to your business and to employee morale.
Staff shortages are a cybersecurity risk in more ways than one
Your cybersecurity team is probably operating below capacity. Your overworked employees are a security risk through the greater likelihood of them committing a simple human error. But technology can help you patch those vulnerabilities. While you continue your efforts to hire more employees and help your existing employees avoid burnout, you can look to technology to help fulfill your cybersecurity and staffing needs.
From scanning incoming mail to automating recovery to educating your staff, technology can help you avoid risks and mitigate the fallout of a worst-case scenario.
__
Will Plummer is Chief Security Officer at Raysecur.
Amelia Brand is the Editor for HRreview, and host of the HR in Review podcast series. With a Master’s degree in Legal and Political Theory, her particular interests within HR include employment law, DE&I, and wellbeing within the workplace. Prior to working with HRreview, Amelia was Sub-Editor of a magazine, and Editor of the Environmental Justice Project at University College London, writing and overseeing articles into UCL’s weekly newsletter. Her previous academic work has focused on philosophy, politics and law, with a special focus on how artificial intelligence will feature in the future.
- Amelia Brand
- Amelia Brand
- Amelia Brand
- Amelia Brand
