The stream of online fraud, data breaches and prevalence of insider threats is something that we all need to help combat
However, it’s not something that always comes naturally to individuals and organisations, especially when working from home. “Since the introduction of remote work, businesses have been all too aware of the potential cybersecurity risks associated with a home working environment and recent research has suggested it’s not getting better anytime soon” explains Scott Boyle, Head of Information Security, Totalmobile. “In fact, a new report has shown that working from home has cost businesses £374 million since the Covid crisis began. The stream of online fraud, data breaches and prevalence of insider threats is something that we all need to help combat”.
Stuart Abbott, Area Vice President & General Manager of UK & Ireland at Commvault expands on this, “the premise of ‘work anywhere, anytime’ has increased the overall threat landscape over the past two years as a huge proportion of the global workforce worked remotely, often outside of their corporate networks. This dramatically increases the number of potential entry points for bad actors to access your files and, with many storing files locally and working offline, there is a greater risk of shadow IT and files not being backed up. It is crucial that companies implement an effective data protection solution to deny unauthorised access and ensure fast recovery of lost data should the worst happen”.
Dealing with sensitive data
The importance of effective data protection increases tenfold when it comes to organisations handling sensitive data. “Boards and executives deal with information that is often highly sensitive and that consequently has higher costs of exposure”, states Dottie Schindlinger, Executive Director, Diligent Institute. “Think of the reputational, legal and financial repercussions if a classified document leaked because it was shared by executives on a general-purpose communication tool. The impact could be catastrophic. Additionally, recent cyberattacks have highlighted — not just for shareholders, but for all stakeholders — the importance of protecting an organisation’s most sensitive data. General-purpose collaboration tools are often unable to offer the level of protection that stakeholders expect”.
Andy Swift, Head of Offensive Security at Six Degrees offers some practical advice to this conundrum, “use a password manager. We’re all expected to use incredibly complex passwords to keep our Personally Identifiable Information safe, and rightly so. But there’s no way we’ll remember them all without some help. Use a reliable password manager and resist the urge to go back to using ‘Monday1’ for everything.
“Check for HTTPS websites using valid certificates. Sometimes thinking about all the sensitive information you share online can give you a headache. Bank details, passport numbers, addresses… Do yourself a big favour and ensure you only share sensitive information with HTTPS-enabled websites with valid certificates. HTTPS is a secure way to share data with a website, and it prevents cybercriminals from intercepting any information you submit. HTTPS-enabled websites are easy to spot – look for the little padlock on the top-left of your web browser.
“Don’t rely on your web browser to protect you. Today’s web browsers are better than ever at warning you about dangers lurking within the websites you visit. However, they can’t stop you if you still decide to download malicious content. Don’t rely on your web browser alone when you’re online – keep your wits about you and use your common sense at all times”.
Training, training, training
Of course, there is only so far these protocols can go when your staff are simply unequipped to fend off threat actors. Samantha Humphries, Head of Security Strategy EMEA, Exabeam emphasises that “for large organisations, one of the biggest obstacles to overcome is the ‘it won’t happen to us’ mentality, which often comes after installing a new compliance tool, or moving to the cloud. It’s really not that simple. Cybersecurity is not a ‘tick box exercise.’ And in spite of what some vendors may claim… all attacks can’t be prevented by any one tool. Unfortunately, it’s this sense of false confidence that sees too many organisations scrimp on the fundamentals of cyber hygiene.”
Terry Storrar, Managing Director, Leaseweb UK further explains, “Organisations can best contribute by providing company-wide cybersecurity training, promoting internet safety best practices and working in partnership with the wider community to endorse good internet habits. Internally, employers should be implementing strong cybersecurity tools to ensure responsible internet usage. Individuals too must step up to good security practices – even simple tasks like updating passwords can make all the difference.
“Keeping the internet safe requires a combination of tactics at an individual, organisational, national and global level. By deploying company-wide tools, promoting employee best practices and working as a global network, businesses can go a long way in combating those that seek to make the internet dangerous”.