Business Security

Injecting Cybersecurity into Organizational Culture

Image courtesy of Pixabay

Bizarre management of remote work: 3+1 cybersecurity topics managers should address in their feedback to employees

August 03, 2020. From the US to Europe and Asia, lockdowns have forced businesses to send around one third of employees to work from home. Despite the lockdowns being recalled in most countries, working from home is still favorable. At the same time, hacking activities intensified, paralyzing numerous businesses for extended periods of time. 

“There are three main reasons why cybercriminals are successful: using personal devices for work-related tasks, not using cybersecurity tools, and falling for social engineering,” says Daniel Markuson, digital privacy expert at NordVPN.

NordVPN’s survey showed that, while working from home, 62% of employees were switching between work and personal devices to perform work-related tasks or engage in personal affairs. When trying to fishnet a personal account, hackers managed to get hold of a corporate one too. Webroot’s report found that personal devices are about twice as likely to become infected as business devices.

Another important thing is that people are not using cybersecurity tools, like a VPN or firewall, and are late to install updates with critical fixes of system vulnerabilities. The third reason is falling for social engineering: when employees  are located at a distance, it’s easier to take advantage of them by pretending to be someone from the company.

As corporations preparing for the second wave of work from home, managers are expected to raise cybersecurity awareness among employees.  Digital privacy experts strongly believe that, rather than just asking to be cautious, bringing up cybersecurity issues as part of delivering feedback to an employee will make organizations less vulnerable. 

“The problem with IT infrastructure is that employees treat it instrumentally. If the tools and systems perform as expected, employees do not take additional action to improve their routines by using additional security tools or installing updates.  Cybersecurity habits should be considered just as important as the habit of generating performance reports. Regular feedback on digital hygiene is the best way to approach the issue,” says Daniel Markuson.

Turning cybersecurity training into feedback session

There are multiple techniques of delivering feedback. The most popular is the so-called sandwich technique, where a person is given a positive message at the beginning, constructive criticism and correctional advice in the middle, and another positive message at the end. The manager is expected to highlight if the employee was among the first to install

updates or not to perform work-related tasks on personal devices, and to be constructive on the weak spots.

Another approach to feedback delivery is the “feed forward” approach, which focuses on positive suggestions for the future. The manager starts the conversation with the area that needs improvement and gives two positive suggestions for the future to improve that area.

3+1 topics managers should focus on during their feedback sessions 

To help managers prepare for a conversation with employees, here’s a list of 3+1  topics to add to the conversation:

  1. Instant updates. The gap between the time when updates are offered to users and the moment they install them is an opportunity for hackers. Update releases show hackers existing vulnerabilities, and if employees are late to install the fixes, hackers take advantage of it.
  2. Unique passwords. Employees tend to use the same passwords to log in to their personal and business accounts. Hacking one account gives access to the overall subsystem of corporate platforms.
  3. Advice on having two separate VPNs. VPN provided by employers protects the organization from outside threats and makes online presence invisible to hackers. Contrary to personal VPN solutions, corporate VPNs might be logging online activity. Employees should be aware of it in order to keep their lives private.

+1. Always think twice before sharing information with other employees. Twitter was hacked using social engineering. Hackers often pretend to be co-workers or partners to obtain information or push ransomware through. They might also create email addresses similar to the corporate ones, like: Employees should always double-check twice.

Regardless of which feedback technique the manager will apply, the most important thing in feedback delivery is for it to be timely and regular. The more frequently the topic is discussed, the more likely it is to become a part of organizational culture.

About the author



NordVPN is the world’s most advanced VPN service provider, used by millions of internet users worldwide. NordVPN provides double VPN encryption and Onion Over VPN and guarantees privacy with zero tracking. One of the key features of the product is Threat Protection, which blocks malicious websites, malware, trackers, and ads. NordVPN is very user friendly, offers one of the best prices on the market, and has over 5,000 servers in 60 countries worldwide. For more information: