Does your organization have a strategy for protecting employees at home as a part of your overall cybersecurity program? Something that could include, but really goes to a place that is beyond, awareness training?

If You Answered “No,” You’re Not Alone

Employee privacy is a big reason why not. And yet, as the connected smart home becomes an increasing threat and potential source of compromise for the organization, it’s a question that we all need to think about. That’s why I’m kicking off new research to provide some clarity as to what is realistic to do about this and identify what a holistic approach would look like — one that supports employee privacy. Note: This is part two of a series, the first of which explores the enterprise risks of consumer connected devices, led by my colleague Chris Sherman.

Is A To-Do List And DIY Security The Best We Can Do?

Because, really, this is not a thing where you provide employees with a checklist of dos and don’ts and call it a day. Have you tried setting up and using one of those consumer home security, secure router type of gadgets? You’re probably not handing them out like candy to employees. Can you imagine Bob, your CFO, trying to set one up at home? No offense to Bob. He probably doesn’t have time or interest to do so.

Let’s Change How We Approach Protecting Employees At Home

Plugging in a thing is not exactly a comprehensive approach; what would a Zero Trust approach to protecting the home like we do for the enterprise look like? Yeah, that’s where I’m going with this, trying to think through and develop an approach that goes beyond network and endpoint security. I’ll work on a better title though, since Zero Trust at home sounds like a reason for couples counseling.

Participate In The Research!

I’m aiming to talk to a diverse group of people as a part of this research to explore a variety of questions and topics. Here’s a sampling of what I’m thinking so far:

  • CISOs. Is this something you’re doing or tried to do in your company? I’d love to connect and hear about what’s working, what’s not, roadblocks, and surprises.
  • Security vendors and threat intel vendors. Give me your best pitches of what you’re offering here that is a thing that people can buy today. I’m especially interested in offerings that would protect the employee’s entire family or how you understand and identify cybersecurity threats to the connected home and the individuals within.
  • Recruiters, HR, and benefits professionals. What are current trends when it comes to benefits that relate to personal cybersecurity? What about executive benefits that relate to security and safety? We see identity theft monitoring and protection services as employee benefits today. What about a future state where personal cybersecurity for the home is an employee benefit?
  • Insurance pros. What’s going on in the world of personal cyberinsurance? So far, the ones I’ve come across are mainly aimed at high-net-worth individuals. I think there are some interesting possibilities here that combine insurance and services.
  • Privacy people and all the attorneys out there. Are you being asked about this topic at all? What’s your take on how an organization might even approach the idea of trying to protect employees at home and designing the experience and program with employee privacy and relevant legal requirements in mind?

Exciting, right?! Drop me a note if this is something that you have an interest in. Or catch up in person! I’ll be attending Black Hat next. Come say hello. Either way, I hope to connect with you soon.