Cybersecurity and Telecommuting in PR, Alone and Together
By Rick Gould CPA, J.D.
Cybersecurity and telecommuting are two separate lanes for PR firm owners to manage. But they’re certainly not independent of one another.
As the so-called dark web rears its ugly head, PR agency owners and C-level executives are increasingly responsible for protecting their digital and online assets soup to nuts.
At the same time, owners must ensure that the growing number of employees who work from home (or wherever) have computer defenses against hackers and other bad actors online looking to steal sensitive information.
How PR firm owners can bolster their cybersecurity and telecommuting strategies—and how the two issues overlap—was the centerpiece of a recent seminar sponsored by Gould+Partners and Anchin.
The discussion featured comments by Sharon Emek, president-CEO of WAHVE, which specializes in telecommuting programs, and John Curran, CEO of Redpoint Cybersecurity, which provides a wide array of cybersecurity services.
Here are some major takeaways from the event:
• Be flexible. One size does not fit all. Depending on family obligations, for example, some employees might want to work remotely in the morning and then work at the office in the afternoon while others employees might prefer to reverse the situation, Emek says. Whatever the individual situations (and there will be many), technology can easily accommodate remote workers regardless of the total amount of time spent out of the office. “The future is most people will be used to working remotely and—through AI (Artificial Intelligence)—employees will get the institutional knowledge remotely,” Emek says. “Many more people will be working from home than they do now.”
• Identify the most eligible employees for telecommuting. Not every employee is cut out for telecommuting. Choose employees for telecommuting wisely. Evaluate myriad tools designed to improve collaboration and communication between employees who work from home and those who work in an office, such as Skype and GoToMeeting. Start with a pilot program and build a telecommuting culture throughout the company. Establish clear, consistent and measurable goals (which are often overlooked when creating telecommuting schedules). Extend or reduce the telecommuting program accordingly.
• Don’t micromanage remote employees. Just like employees who work in the office, people who work remotely need to be assessed on results—and not have managers looking over their shoulders. “When I talk to some people about remote work they say, ‘Oh my god, How am I going to manage [employees] if they’re not here in the office?’” Emek says. “You mean, you sit at the cubicle all day and watch them?” Emek says, incredulously. “Just imagine this remote worker is in a cubicle, but instead of being in your office it’s in their home, but they function the exact same way.”
• Prepare for the inevitable. For smaller firms and SMBs it’s not a matter of if their computer systems get hacked but when; certainly within the next few years. Curran says the cybersecurity threat is accelerating, regardless of whether employees are working from home or remotely. “Those same risk factors and threats pertain to anywhere you work, whether that’s Starbucks or the home office,” he says. “The axis point at Starbucks is not as secure as the one at the home office. But there are solutions to mitigate risk.” The major takeaway: Wherever employees for the firm are working, owners and C-level executives can’t be lulled into thinking, ‘It can’t be happen here.’
• Use a specific approach to combating the issue. When computer systems are breached, business owners must examine what went wrong specifically. “It’s only after doing that kind of forensics and diagnostics that you can begin to understand the extent of the damage and then how to fix it,” Curran says. “Much like when you go to the doctor, instead of just taking the eat-right-sleep-right-etc.-best-practices approach, you say, ‘We are now in a different era. We are facing specific threats.’” He adds, “It’s more akin to, ‘I just had a heart attack. What do I do about it?’ You need somebody that’s going to come in and check out specifically what your issues are and then with the right skills and the right tools address what has happened, try to mitigate the damage, contain and eradicate the damage…and then set you up so you notice future incidents more quickly.”
• Brace for a ‘Pen Test.’ A penetration test, or pen test, is an authorized simulated attack on a computer system, performed to evaluate the security of the system. It’s a preventative measure that firms can take to gauge their cyber defenses and uncover where the weaknesses may lie, Curran says. “One of the things we’ll do is see if we can get through the firewall,” Curran says. “We’ll see if we can hack into the wireless network, often you can; we’ll see if we can get through your antivirus [software], often you can. There are a number of different ways to approach these things.”
To watch the entire event via Facebook, please click here.
Sign up for Gould+Partners email newsletter, Inside Edge…Business Strategy for PR, Media & Creative Service Agencies.