The COVID-19 pandemic has forced some CISOs scrambling to upgrade or buy technology to handle the sudden increase in employees working from home.
But it’s also forcing them to find ways to ease the pressure on security teams spending hours at a time on video meetings while facing the usual family problems by doing everything from making sure meetings are shorter to encouraging staff to find a hobby.
That was one of the take-aways from a CISO panel Tuesday during a virtual conference aimed at Canadian infosec pros run by FutureCon.
“Within my team, we have ‘Social Fridays’ where the team gathers on its own and we spend a couple of hours with our drink of choice shooting the breeze,” said Cherian Palayoor, director of information security and compliance at Vancouver-based Hootsuite Inc. “That has been absolutely key in ensuring we continue to function as a homogenous well-connected unit that is empathetic to others. All of us have had personal challenges as we adjusted to this remote work from home situation. Some are daycare related, taking care of family members, pets, inadequate office facilities at home. We bonded as a team to make sure we are flexible in terms of work schedules to make sure we all make it through.”
Ironically, Palayoor added that the pandemic had been an enormous boost “from a team bonding standpoint.”
Bobby Singh, chief technology officer and chief information security officer for TMX Group, which runs the Toronto Stock Exchange, the TSX Venture Exchange and the Montreal Exchange, has shortened online conferences by five to 10 minutes, so his staff has a break between sessions.
For all employees, the organization sponsors online cooking classes, yoga classes and a games night for smaller teams.
“At least have a different environment,” Singh advised. “Be creative and think about something else besides work … You want to make sure people don’t get fatigued and demoralized.” Because TMX Group runs financial exchanges “we need people that are fresh … and don’t make mistakes.”
Moderator Laureen Smith, vice-president of worldwide alliances at Accellion, noted her CISO encourages staff to start a hobby to get away from thinking about work all the time. Generally, it’s been proven that remote working doesn’t affect productivity, she said. However, Smith also warned that after six months companies may be moving into “work from home fatigue.”
“It’s becoming a marathon of meetings every day,” said Mike Melo, CISO of medical diagnostics service LifeLabs. Fortunately, he said, not only has management been accomodating employees have access to a third-party counselling service.
Adopting their organizations to work from home hasn’t been too hard for these leaders. By coincidence, shortly before the pandemic erupted LifeLabs purchased a secure access service edge (SASE) solution from Netskope to allow for secure remote private access. That lead to the creation of a Zero Trust VPN model, limiting employee access to only the applications they need.
“We made a remarkably smooth transition to remote work from home,” said Palayoor. The transition was made easier because there was a crisis management plan that was ‘”itching for a crisis to come along” and be tested. Today, only a “skeleton” sales and IT staff work from Hootsuite’s main office.
Similarly, Singh credits TMX Group’s existing business continuity plan with enabling the switch to work from home to be fairly easy. Only a few IT staff still work in the data centre.
Asked if the increased number of staff working from home also increases the insider threat, Singh replied that “there is no insider/outsider anymore.” He and Palayoor said that people are either authorized or not to be on the network and to access certain assets.