source-codesource codeauthorAdam JanofskyNoneWant your finger on the pulse of everything that's happening in tech? Sign up to get David Pierce's daily newsletter.64fd3cbe9f
×
Get access to Protocol
Your information will be used in accordance with our Privacy Policy
I’m already a subscriber
protocol
Want to better understand the $150 billion gaming industry? Get our newsletter every Tuesday.
Are you keeping up with the latest cloud developments? Get Tom Krazit and Joe Williams' newsletter every Monday and Thursday.
David Wertime and our data-obsessed China team analyze China tech for you. Every Wednesday, with alerts on key stories and research.
Want your finger on the pulse of everything that's happening in tech? Sign up to get Protocol's daily newsletter.
Do you know what's going on in the venture capital and startup world? Get the Pipeline newsletter every Saturday.
Hear from Protocol's experts on the biggest questions in tech. Get Braintrust in your inbox every Thursday.
Get access to the Protocol | Fintech newsletter, research, news alerts and events.
Your guide to the new world of work.
Coverage | Newsletter | Intel | Events
Coverage | Newsletter | Intel
You and everyone on your team are suddenly working from home for the foreseeable future. That awesome security structure you had in place is now Swiss cheese at best, with employees using all sorts of devices and network setups to access corporate data.
How do you plug the biggest security holes as quickly as possible?
We asked more than a dozen cybersecurity companies to share the memos, emails and other guidance that they have sent to their own employees in the past few weeks to protect their systems. Here's what we found.
They're taking phishing really seriously
Almost every cybersecurity company we contacted has been regularly warning employees about sophisticated phishing attacks that leverage COVID-19 information to get victims to click on malicious files.
Joe Payne, chief executive of Code42, which makes software that detects and responds to insider threats, wrote in an email to all employees on March 24 that their CISO had reported "a huge surge in phishing activity. The bad people (and they really are bad people!) are preying on people's fear during this crisis. Do not click on links!!!"
The scams can take different forms, but workers should be especially suspicious of emails about workplace policy changes, emails that offer health advice, and messages that look like they're from the Centers for Disease Control and Prevention, advised a March 16, all-employee memo from Simon Biddiscombe, chief executive of MobileIron, which helps enterprises secure mobile devices and other endpoints.
"Cybercriminals have targeted employees' workplace email accounts. One phishing email begins, 'All, Due to the coronavirus outbreak, [company name] is actively taking safety precautions by instituting a Communicable Disease Management Policy.' If you click on the fake company policy, you'll download malicious software," Biddiscombe wrote.
Cybersecurity companies including Veracode, Satori Cyber, OneLogin and F5 Networks all circulated ways to identify if an email is malicious — for example, by checking a domain before clicking on a link and verifying that a sender is who they say they are — and reminded employees how to report suspicious emails so that they can be analyzed by security teams.
"Let's make sure we don't get a different kind of virus," OneLogin's security team wrote in a March 17 email to all employees, advising that when they receive an unexpected message, to apply the "S-T-O-P principle": Stop, Take a deep breath, an Opportunity to think, and Put the email into perspective and report it to one of three teams.
They're talking about security constantly
To keep on top of rapidly evolving threats, cybersecurity firms have ramped up their regular communications with employees.
In addition to frequent security-related emails, FireEye chief executive Kevin Mandia has a standing weekly live call — held twice to accommodate all global team members — to reinforce the messages and address questions, a spokesperson said.
SecureLink chief executive Joe Devine holds a similar weekly meeting through Google Hangouts, and Chief Information Security Officer Tony Howlett sends out daily educational emails about the latest attack information and how to stay protected.
"When it comes to communications with our employees, we are now actively over-communicating with them to keep them informed about everything going on. Extreme transparency is always the best policy," Howlett said in an email to Protocol. "Repetition is key when it comes to educating employees on security best practices, so we send out regular bulletins that [recap] the latest attacks from that week and how you can keep yourself safe at home."
Everyone is IT now
Many of the steps that employees can take to protect themselves require some technical know-how, and some cybersecurity firms have created guides and checklists to help employees secure their home workspace without in-person guidance from IT staff.
Twilio, which helps companies manage their cloud communications security, has an internal wiki called "Protect Your Castle" that they've been updating daily since the outbreak began. The wiki has policies, guidelines and FAQs about working from home.
Security resources on the wiki include steps to take to protect your home network (for example, change the name of your Wi-Fi, change your router's username and password, and don't broadcast your SSID), and to protect your laptop and other devices from cyberthreats (turn off Bluetooth, update your software, delete apps that you don't use, use a VPN).
Not everyone on your team knows how to do these things? It's a great time for them to expand their skill set. SecureLink's cybersecurity team also put together a "Work From Home Security Guide" for employees that explains things like how to set up a VPN and multifactor authentication.
They're afraid of children
Even if workers do everything right, one 8-year-old downloading Minecraft modifications on a work computer can sabotage the whole system.
"Sometimes the work PC is now the best computer in the house," said Steve Grobman, chief technology officer at McAfee. "There needs to be a lot of thought before you let your kid do their homework on your work PC and possibly go to a website during a break that can put your company at risk."
Grobman said that many organizations allow employees to use work computers for some level of personal use, but they need to emphasize ways that workers can separate the two during the outbreak, when there may be several family members stuck at home with not enough devices.
Eldad Chai, chief executive of Satori Cyber, emphasized this point to employees at the end of a March 19 email about how to stay secure.
"Also, don't let your kids install anything :)," he said.
… and wash your hands
Below, check out some of the emails cybersecurity companies have sent to their employees.
From Your Site Articles
These are all great initiatives to help foster work-life balance after a stressful year. But if you're worried about long-term burnout at your company, you should also look into ways to prioritize team well-being all year round. Just as with building a healthier lifestyle, enacting measures of support on the day-to-day level is where lasting change is made.
Set healthy communication boundaries — and model them
According to a 2020 report by Aviva, 44% of employees say they feel like they "never switch off from work," while 70% of all workers say they regularly check emails and messages outside of work hours. And these habits have consequences: More than half of employees feel like their mental and physical health have suffered due to work pressures.
When employees may not feel like they can draw a line in the sand between their work and personal lives, it's up to leadership to clearly share communication expectations and model healthy boundaries. Encourage employees to turn off all email, Slack and work app notifications outside of working hours, and ensure that managers aren't reaching out to team members after-hours with requests.
Make sure that your company's leaders aren't just paying lip service to employees' right to disconnect, either. That means everyone in leadership — from the CEO down to team managers — should avoid sending emails during off-hours or reaching out to team members during their paid time off. By living the guidelines, leadership can help employees feel psychologically safe to stick to the recommended boundaries.
Just as with building a healthier lifestyle, enacting measures of support on the day-to-day level is where lasting change is made.
Eliminate unnecessary meetings
"Well, that meeting could have been an email." A recent joint study from Harvard Business School and New York University found that the average number of meetings increased 12.9% during the pandemic, while the size of each meeting grew by 13.5%. Meetings are the first and fastest way for your company to free up valuable team time.
Some companies have decided to implement "No-Meeting Wednesdays" to help employees recover. At Trello, employees will take regular "Maker time," where they forego any meetings to focus on creative work. But another option includes taking a closer look at each meeting on an employee's calendar and asking, "Does this meeting really need to exist?"
While some events should happen in real time — such as one-on-ones or difficult conversations — many other meetings can be carried out asynchronously. A project update is a great example of this. Rather than meet every Monday to discuss everyone's progress on a new project, team members can simply add their weekly updates to a list on Trello and respond to one another asynchronously. Everyone's kept in the loop, and no one has to sacrifice an additional hour of their time.
Companywide meetings announcing a new feature are another example. Rather than ask everyone at the company to spend half an hour in a meeting, consider typing the update in an email, sharing on Slack or adding the recap to your company's knowledge base on Trello. The example above takes advantage of Trello's integration with Loom to record and attach a video update for those looking to save time typing.
Cut down on context-switching
According to Blissfully's 2019 SaaS Trends Report, the average employee uses at least eight apps a day to get their work done. It's no wonder 40% of employees are frustrated by the collaboration and communication tools they're expected to use at work. Because they're constantly switching between email, chat, video, documents and more, employees find it harder than ever to focus on the actual work they need to carry out, which stretches out working hours, wastes time and leads to burnout.
To lower the amount of context-switching team members have to do, decrease the number of tools they need to monitor throughout the day. Make it clear that emails and chat messages aren't emergencies and that notifications can be muted while deep work is being carried out. (This is something Trello employees do by setting their "Slack off" hours.) Most of the time, work won't suffer if employees only check their inboxes or Slack messages every couple of hours.
You can also help employees reduce their context-switching by keeping information organized on one platform. According to a 2019 survey by 8x8, nearly 50% of employees say they spend up to two hours a day looking for the information they need to do their jobs. This cuts into valuable time that employees could be spending doing work that matters to them.
Cut back on the amount of time employees need to spend hunting down information by centralizing as much work as possible in a tool stack that is accessible for everyone. For example, if a project is being tracked in Trello, ask the team to keep all progress updates, questions and feedback within the project board, where everyone can see the same timeline view of the work.
Work from other apps in our tool stack is enhanced through integrations, so documentation from Confluence or tickets from Jira are linked and visible to our projects.
Whichever toolset you choose, consider the "single pane of glass" concept: Your teams operate in a busy workplace, so making information visible and discoverable in as few locations as possible goes a long way in reducing frustration and busywork.
Check in on employees regularly
Saving the most important tip for last, invest in manager coaching and resources for recognizing and addressing the warning signs of burnout in employees. Have them check in on employees' stress levels during one-on-one meetings and encourage everyone at the company to take regular vacation and sick days when needed.
Managers should also keep a close eye on how much work employees are taking on. Star employees will often over-commit to work — without complaints — and burn themselves out, which helps no one. Managers need to step in and stop employees from taking on Herculean workloads because, even if someone can do a lot of extra tasks, it doesn't mean they should.
Fortunately, managers who use Trello can see exactly how much work their team members are taking on using the Dashboard view:
With data on task distribution and due-date management, managers can see who is taking on (and completing) a reasonable amount of work and who might be overextending or falling behind. We use data for every other business decision; why not see how it can empower more equitable team management?
Stop the slow burn
The pandemic may have exacerbated employee burnout, but it was an issue long before COVID-19. Unfortunately, there's no single solution that can extinguish burnout, either. Support your employees' ability to focus and work-life balance by focusing on their day-to-day experiences — and you'll stop burnout from smoldering on for too long.
Trello moves teamwork forward by bringing productivity, collaboration and team spirit together in one place. Get a free trial of Business Class to try out Views, including Dashboard and Timeline. And if you want to see how Trello can be implemented across organizations, check out our best practices for setting up a shared toolstack like Trello Enterprise at scale.
Is this tech? Or is it just a bike with a screen?
Image: Peloton and Protocol
Even our executive editor weighed in.
Karyne Levy: is PELOTON tech?
Megan Rose Dickey: are we doing these every week or what's the deal?
Karyne: yes! it is a weekly series
Megan: yes, i knew that lol
Kate Cox: Anything you can control remotely with DRM and a subscription fee has to qualify, yes?
Karyne: i will go first: peloton is for sure tech. without the technology that runs peloton (leader boards, streaming, the big tablet on the bike, the app) it is just a bike.
Tom Krazit: never saw this one coming
Kate Cox: Yeah, its whole thing is the connected software, that's what they're selling. With an expensive bike.
Karyne: right. i mean really they're selling a LIFESTYLE but it's a tech lifestyle 😎
Karyne: obviously i'm obsessed with peloton, i'm an evangelist
Tomio Geron: Yes it is a lifestyle because you can hook your bike up to zwift or other software for much less
Kate: I am the opposite of obsessed with Peloton, and I am deeply antisocial in my working out, but I agree that its whole deal is aspirational and techy
Karyne: oh i don't talk to anyone
Amber Burton: I would like to venture that it is just a bike with tech attached
Karyne: amber no
Amber: yes
Meg Morrone: Is my treadmill that is not connected to the internet tech?
Amber: im sorry lol
Karyne: please explain further
Amber: it's a bike with bad tech attached
Karyne: no @Meg, your treadmill is just a treadmill, i'm so sorry
Karyne: BAD TECH????
Karyne: AMBER
Megan: ahahah
Amber: yes
Meg: But it has a chip in it.
Megan: you tell em, amber!!!
Karyne: a chip does not a tech product make
Karyne: or something
Kate: What pushes me over to Peloton being tech is the way they retroactively turned off features for treadmill users when they added a subscription fee
Kate: That's Internet of Things behavior right there, which is tech
Karyne: lol killed by google vibe
Sarah Roach: If I fasten my phone to my bike, did I make my bike tech? Or did I just decide to use tech while riding my bike
Amber: I have a schwinn and it's basically the same. But I guess my point is that Peloton is bad tech. Is that fair?
Amber: Sarah, that's exactly it!
Kate: does your bike still work if you disable the software or stop using your phone? (yes)
Tim Grieve: I feel that I am the elephant in the room.
Sarah: Or is the bike tech too? Are bikes tech?
Amber: I'm waiting to hear Tim's take
Kate: tim's hot bike take
Tim: I say it's tech. I mean, the pedals go around if you turn off all the tech, but Peloton isn't selling a pedaling product. It's selling the whole package – bikes and classes, and readouts on the bike that tell you whether you're doing the things you're supposed to be doing.
Karyne: you can connect an ipad to any bike and attend the classes, but then you're using peloton's app, in which case that, too, is tech
Tim: My kid spent weeks hacking a bricked Flywheel bike so it would work with Peloton classes. That feels like tech!
Kate: Peloton is the software product, right? That's what really matters. Where something like Tesla is both software (updating your car) and hardware (the literal four wheeled car), Peloton is, as you say, something you can make work on any bike if you're determined but the experience is all the software bits
Amber: Ugh ok maybeeeee
Tim: A meeting isn't tech, but Zoom is. A spin class isn't tech, but Peloton is.
Karyne: right. and when you do a peloton ride on a peloton, you can see your cadence and resistance on the screen
Karyne: that's tech, it's using a sensor!
Biz Carson: Can we now talk about how Cody Rigsby is our favorite Peloton instructor and I will accept no substitutes?
Is Cody Rigsby tech?Image: Peloton and Protocol
Kate: Peloton is as much tech as my Fitbit is, I think
Sarah: 🤔
Tim: I hope we're tagging all the instructors so we get the traffic.
Karyne: you know i will. SEO 4 eva
Tim: What time is Emma Lovewell's Peloton class?
Karyne: that's our headline
Biz: for the internet records, i do believe peloton is tech and will go a step further and say it is also a media company
Karyne: omg
Amber: oh man that hurts my soul
Karyne: Peloton is tech and media and hurts Amber's soul
Tom: well, soul-destroying = tech
Amber: The takeaway for the day
Tim: Also, who's up for Soul Cycle in Marin tonight at 5:15?
Megan: big yikes
Megan: i mean, no thanks lol
Megan: those classes seem so intense
Karyne: perfect. if something is soul-destroying, kills features without warning, has a sensor and an app and DRM and cody rigsby, then it is tech.
Karyne: i'm going to make t-shirts
Latest Stories