- Security TWENTY
- Women in Security Awards
Employees need to take responsibility for keeping sensitive company information secure following Covid-19, and not just rely on security software to assume the role of data guardian, writes Andrea Babbs, Country Manager and Head of Sales for anti-virus cyber product company VIPRE Security.
With many businesses having to overhaul their operations overnight to enable their staff to work from home due to Covid-19, maintaining as close to business as usual was an absolute priority. But in the rush to implement collaboration tools to get employees up and running for business continuity, cyber security was pushed further down the list of priorities, potentially putting organisational data at significant risk.
Many businesses may have already had some level of cyber security protection in place, but the shift in working environments and practices means that the emphasis on data security must be reinforced. Some IT security leaders have seen a 30,000pc increase in Covid-19 themed attacks, as cyber-criminals continue to use the current global crisis as an opportunity to target potentially vulnerable end-user systems. With a de-centralised workforce, there is an even greater need for employees to take responsibility for keeping sensitive company information secure, and not just rely on security software to assume the role of data guardian.
While the transition to remote and flexible working has been implemented gradually across many organisations over the years, the overnight change triggered by government protocol has had a dramatic impact on employee working practices. With no peer review or easy access to conversational questions to quickly ask: “does this email look strange to you?”, employees are potentially at increased risk of falling foul of phishing scams.
Add to this the heightened pressures of staff feeling the need to work harder, faster, for longer and demonstrate how much they are actually working when at home, it’s no surprise that mistakes are made. For example, responding to emails immediately rather than taking the time to stop and think whether the email is actually genuine, or giving out sensitive information over the phone to be seen as helpful during a difficult and stressful time.
With tools to support employees that reinforce the need to think before they press send on an email, and consider whether it is authentic or not, employees can assume some of the responsibility for keeping data secure. And as 53% of data breaches are classified as insider, clearly the workforce has a critical role to play in an organisation’s cyber defence strategy.
Businesses can support employees to avoid commonly made mistakes such as forgetting to attach a document when you wrote that you had, or sending misaddressed emails or attaching incorrect information by deploying technology such as VIPRE’s Safe Send which provides a simple safety check. This provides the user with a prompt prior to any email being sent, reminding employees to double check and confirm the addressee and what has been attached. Parameters can also be set to add certain domains to an allow list, or the solution can be deployed on a department or user basis. For example, financial data is highly sensitive, so may require confirmation for all emails, but another department may only need checks on external emails.
Certain keywords can also be defined, so when those keywords are identified within an email – an unreleased new product name, for example – an additional confirmation is prompted before the email is sent, allowing for that all important double check that the right person is being sent the right information.
Technology provides a vital piece of the cyber security puzzle through high quality layered protection that covers email security, web and end-point protection. As the threat landscape is arguably evolving at a faster rate than ever before, coupled with the workplace shifting to a new normal – these tools have never been more critical.
Focusing on the user is also key, educating them and empowering them to take some responsibility for data security, supported by innovative software – not just relying on the IT department. Those that adopt such an approach will be far more successful than those that rely on technology in isolation.
In the rush to keep ‘business as usual’ during such uncertain times, businesses may have inadvertently made their security infrastructure vulnerable to data breach – be that from external threats or accidental insider data leakage. As we slowly make the transition from home working to moving back to the office, or transforming to a hybrid workforce, security needs to be reinforced yet again, with a combination of reminders, prompts and continuous training.
Employees are a vital tool in a business’ arsenal, so they must be regularly trained and reminded about how they can stay one step ahead of cyber threats. But it’s human nature to make mistakes and as such, employees must be appropriately supported with intuitive technology that can spot anomalies, errors and factors that fall outside of set parameters to highlight where potential threats, scams and faults are about to take place.