teissTalk: Inclusive infosec leadership - developing a vision for your security function

teissTalk host Geoff White was joined by Paul Raines, CISO at UNDP; Goher Mohammad, Head of Information Security, L&Q; Irene Njoroge, Cyber Security Governance & Compliance Manager, Vodacom Congo

Views on news

According to a Reuters source, the BNP Paribas rescinded the access privileges of its Russian workforce over fears that connections to the local network could leave vulnerable to cyber-attacks by Russian threat actors. Geofencing can be a good way of hiving off the Russian arm of a multinational company to reduce risk in the time of the war in Ukraine.

How inclusive can business get?

The UN is by definition an inclusive workplace, especially in terms of ethnicity. But it also relies on technology to support its employees with disabilities. It also enables people to work from home, which means that even those who wouldn’t be able to get to a workplace daily can get a job with the organisation. Inclusivity works best if it comes from the top and trickles down all the way to the lower echelons of the company. Inclusivity shouldn’t only include gender and race or disabilities, though. Cognitive diversity should also be at the front of the minds of people managers. as inclusion is also about being creative with your approaches and perspectives. Information security experts need to be not only technologically adept but also good at having conversations across various teams. Job adverts and job descriptions have to reflect this too.

A new frontier for an organisation to advocate inclusivity is remote work, where all employees should have an equal working environment and shouldn’t feel excluded just because they aren’t based in the office. Ensuring employees who work from home have the necessary security controls in place and get technical support is now also part of an inclusivity policy. In multinational companies and global organisations, it’s key to try and standardise the employee experience as much as you can despite the varied technological and regulatory infrastructure they need to work in. (equipment, patching level, operating system). Staff’s cyber security hygiene has to meet the organisational standards, no matter where they are. Ensuring your people have access to the same bandwidth around the globe is one of the most challenging tasks, but a connectivity backup through satellites can address this issue.