- Security TWENTY
- Women in Security Awards
If you think cybersecurity doesn’t affect you, you’re sorely mistaken, writes Andy Baldin, VP – EMEA at the IT asset management and identity management company Ivanti.
The reality of cybersecurity is that nobody can escape it. It is the responsibility of everyone with a digital identity, which means that everybody has a hand in implementing a digitally secure environment within the workplace. As the cyber world is becoming more and more embedded into our everyday lives, it is becoming increasingly important to plant the seed of cybersecurity early. Therefore, making education a priority for everyone should be a priority – after all, successful cybersecurity starts with education and awareness.
Data is one of our most valuable assets, and the one that cybercriminals are set on getting their hands on. Not only can a breach result in a hefty GDPR fine and a hit to reputation if personal data ends up in the wrong hands, but a loss of data can be hugely damaging to a business for obvious reasons. Nobody wants to lose their hard-earned work or have to start from scratch.
The key to a solid and secure cybersecurity strategy is to adopt a layered approach. This can include patching, whitelisting, application management, privilege management and anti-virus solutions, among much more. However, there will always be a human element required on top of these defences – and this is where education comes into play. Employees often face stress and time-constraints that mean they may sometimes drop their guard when it comes to security threats, such as phishing emails. This is only magnified by the fact these forms of attacks are becoming ever-more convincing. What can appear to be a quick email from a boss asking for a seemingly simple task, can turn out to be something much more dangerous.
Businesses must ensure that their employees are educated about these hidden threats and know the correct protocol when it comes to dealing with suspicious emails and other forms of cybercrime. It is important to note that cybersecurity education never ends because the risk of cybercrime grows with the introduction of every new technological development. Take the Internet of Things (IoT) for example. Every single connected device we use, from TV to voice assistant, poses a potential threat; and more data, more of which is sensitive, is being shared than ever before. This threat is then magnified because when one tool is compromised, everything on the same network is put at risk. Worryingly, the nature of the IoT means that the threats it poses are extensive, with the number of connected devices we use daily seemingly endless, and often hidden in plain sight.
In a business setting, the IoT is starting to pose a larger potential threat as working from home, BYOD and remote working become more prevalent. Many people will connect to a free WiFi network when it pops up, especially when working from a public space such as a café. However, this may open the door for cybercriminals to enter the enterprise’s network when the employee returns to the office. Of course, this isn’t purely applicable to work assigned devices – personal mobile phones can also be culprits when connected to a business’ network.
Sharing the load
The security team of a company is often the only one responsible for security practices and protocols, leaving employees to think that everything is in safe hands so long as their anti-virus software is running and the applications are updated regularly. However, security needs to extend further than one team, especially as their resources are often over-stretched. Equipping all employees with the information they need to maximise their cyber-safety and protect the business is a key step in the right direction.