Autumn is most certainly here and with it comes Cybersecurity Awareness Month, writes Nick Offin, Head of Sales, Marketing and Operations, Dynabook Northern Europe, which offers mobile devices.
Whilst this effort and other initiatives seem to be raising cybersecurity awareness, and businesses are slowly waking up to the fact that security needs to be a main priority, there is still progress to be made. Many organisations remain under-prepared. In fact, according to recent Hiscox research, three-quarters of companies are ranked as “novices” in terms of cyber-readiness.
This under preparedness is increasingly worrying when you consider that research is showing a growth in the number of cyber-attacks on businesses – with over half of organisations falling victim last year. In particular, recent midyear reports found that ransomware attacks are up 15 per cent, distributed denial-of-service (DDoS) attacks increased in size by 500 per cent and phishing attacks more than doubled last year. So, with cyber threats on the rise, how can businesses ensure they’re getting security right. Defence against increasingly sophisticated cybercriminals is a multi-pronged challenge. However, IT decision-makers need to ensure employee devices, with advanced security features, are at the very heart of their organisation’s cybersecurity strategy. Not only this, but employee education is key.
According to an IWG study, half of business professionals work remotely for at least half of the working week – whether that is working from home, at a client site, or commuting on public transport. Mobile working and remote system access through BYOD offer great benefits to both staff and employers, however, they open up new potential threat vectors and present new challenges in relation to device management. Despite this, employees are essentially a business’ first line of defence against cyber-attacks so it’s vital that the devices they are using daily are up to the job and provide robust protection against potential risks. Laptops which boast advanced biometric features and hardware-based credential storage capabilities offer a stronger defence mechanism against password or access hacking.
Other security measures such as zero client solutions go even further and help nullify data-related threats by withdrawing sensitive data from the device itself. With information stored away on a central, cloud-based system, these solutions protect against unsolicited access to information if a device is lost or stolen. This is especially useful for mobile workers looking to access data outside of the office or on the move.
Education
Another thing to consider is employee training. According to research, almost 90 per cent of data breaches are caused by human error. For example, its well known that passwords are merely a speed bump for today’s sophisticated cyber criminals, and all it takes is for one wrong click on a fraudulent link or a laptop left on a train to compromise business or employee-sensitive data. With this in mind, it’s now become fundamental for companies to educate their staff on the concepts of cybersecurity and how to handle sensitive information correctly, especially as mobile workforces are on the rise. Part of that training should include insight into the business’ security setup, why and how certain security solutions are deployed, and their own responsibility to carry out good cybersecurity practices.
Multi-layer approach
While education should form a central part of any company’s cybersecurity strategy, cybercriminals are increasingly finding more sophisticated ways to target employees. For example, ransomware attacks are becoming more targeted, phishing emails are more convincing and malware more advanced than ever before. With many of today’s most common cyber-attacks being socially engineered to rely on human error, even the most diligent of employees could fall victim to an attack.
To add to this higher threat landscape, current network infrastructure has not been built with today’s security in mind, meaning businesses need to go a step further and implement solutions that protect at the network level. This involves a multi-layer approach, which integrates both hardware and software.
Secure-core PCs, in particular, enable employees to protect their devices from firmware vulnerabilities, shield the operating system from cyber-attacks and prevent unauthorised access to devices and data with advanced access controls and authentication systems. Other solutions like in-built BIOS (basic input/output system) also adds a greater layer of protection, removing the risk of potential third-party interference. Smart data encryption features also shields every area of a device’s hard drive, including all system files. Even if the HDD is removed, data will be remain encrypted.
The threat of a cyber-attack is not new for businesses and will remain an ever-present threat. It’s essential that device-level security is a key factor in an organisation’s cybersecurity strategy, giving employees the right tools to help tackle security threats at both a hardware and software level. Although technology solutions are fundamental to protection, part of this also involves employee education and awareness. Organisations who aren’t putting employee devices front and centre or investing in training, may well find themselves joining the ever-growing list of companies who have fallen victim to today’s callous cybercriminals.
