sb-eu logo
Story image

Security risks of neglecting the workforce experience – Avaya

28 Jun 2019

Article by Avaya solutions specialist Doug Richards

Government departments and enterprises are wasting millions of dollars every year on cybersecurity because they fail to also invest in the user experience.

Australian organisations are aspiring technology leaders that understand the importance of cybersecurity, and for government agencies, this is a matter of national security.

But all this protection can still be completely undermined by a single indiscreet act of exposure. What good is cybersecurity if a user views encrypted messages amid prying eyes on public transport or has a classified phone discussion in an airport lounge?

In the modern, digital workplace, people expect to be able to engage and collaborate in real-time regardless of location, network or device.

However, the downside of this trend is that users of technology often become the weakest link in the security chain.

With the mobile digital workforce expected to increase to 1.87 billion people by 2022, or 42.5% of the entire global workforce, the management of this technology-savvy demographic must be a top priority for governments and enterprises striving to achieve their business and operational objectives.

Don’t be blind to the bigger picture

Security discussions are focusing on technology factors: systems, networks, devices, and encryption.

These factors are mandatory but do not address people and context, and how we collaborate. They neglect the user experience and context, which leads to shadow IT and unauthorised cloud apps, which leads to poor situational awareness.

Improving security in the mobile digital workplace is as much about people and context as it is about technology.

Without the bigger picture – a great user experience with situational awareness – people can’t make effective decisions aligned with an organisation’s security parameters.

Context is so critical because it can moderate the tone and content of conversations.

Consider colleagues having a face-to-face conversation as they walk through the open plan office and into a meeting room.

They will moderate the tone and content of their conversation as they walk through the office, and once they are in the meeting room and have closed the door and the conversation is private.

If a guest enters the room the context has changed yet again, and the conversation adjusted.

In the mobile digital workplace, the context is less obvious.

The interactions are virtual and on our devices; we are not aware of the context in the same way as we are in person.

For example, who else is on the call and have we verified their identity? Where is everyone located? What devices and apps are being used? Over which networks are we connecting, and are the connections encrypted?

All this rich contextual data is relevant and accessible.

Technology can capture, analyse and present this context to the user in real-time.

This context can empower the user to moderate their conversations and the content they share.

Protecting all parameters

The significance of context is further exemplified in the Australian government’s security classifications model which very directly informs the user experience and impacts security.

Specifically, email is the only digital communication medium in government today that provides a visible security context to the user.

For example, [SEC=<CLASSIFICATION>] in the subject and body of the message.

Now envision automating the application of security classifications in the mobile digital workplace.

Real-time security classifications for voice calls, video conferences, and messaging.

This will transform security and the user experience in the digital workplace by clearly headlining to the user when they can and can’t have a classified conversation.

Story image
Strong cybersecurity posture crucial for company success - Fortinet
"They should also conduct due diligence to ensure partners aren’t inadvertently creating vulnerabilities with insufficient cybersecurity measures."More
Story image
Gartner predicts 75% of CEOs to be liable for cyber-physical security incidents by 2024
The nature of CPSs means incidents can quickly lead to physical harm to people, destruction of property or environmental disasters – and Gartner’s new research indicates that these incidents will increase drastically in the next few years if the lack of spending on these assets continues.More
Story image
Kaspersky releases new report on consumer’s approach to digital services
COVID-19 related restrictions and the necessity to stay indoors has influenced the way people approach digital services, making them more aware of how securely both they, and their housemates, use the internet.More
Story image
Revealed: The behaviours exhibited by the most effective CISOs
As cyber-threats pile up, more is being asked of CISOs - and according to Gartner, only a precious few are 'excelling' by the standards of their CISO Effectiveness Index.More
Story image
Ripple20 threat could affect 35% of all IT environments – ExtraHop
The vulnerabilities have the potential to ‘ripple’ through complex software supply chains, enabling attackers to steal data or execute code.More
Story image
The guide to digital security in unstable times
An increase in vulnerability across different sectors has meant that 2020 has seen more than its fair share of cybersecurity incidents. One of the most effective ways to combat the perils of today’s cyber-threats is to gain a better knowledge of the threat vectors looming over the heads of organisations. More