With almost three-quarters (approximately 72%) of people forced to work remotely, is this the end of an era? Over the last four months of the Covid-19 coronavirus pandemic, people believe they are now more conscious of their organisational cyber security policies than they were before. But they are still happy to break the rules if expedient, according to a Trend Micro study distilled from interviews conducted with more than 13,000 remote workers in 27 different countries.
At risk from within
Against the backdrop of a complex and growing cyber threat landscape, we now have the added threat of remote working (Work Anywhere). Do businesses now assume their IT security will become compromised, or do they turn the other way? Businesses are also waking up to the fact that one of the biggest chinks in their armour against cyberattack is their own employees. In fact, employees are now the last line of defence, with their unknown actions or knowledge of how to spot threats putting the business data (crown jewels) at serious risk.
The fear of people putting the business at risk is clear: the top three fears all relate to the human factor, employee behaviour or upset employees. The table below shows that businesses are aware of how easy it is for employee/human error to impact their company’s security. They worry most about employees sharing inappropriate data via mobile devices (47%), the physical loss of mobile devices exposing their company to risk (46%) and the use of inappropriate IT resources by employees (44%).
Source: IT Security Risks Survey 2019, global data
Careless or uninformed staff, for example, are the second most likely cause of a serious security breach, second only to malware.
Hide and seek
When security incidents happen at a business, it’s important that employees are on hand to either spot the breach or mitigate the risks. After all, while employees can pose a risk to companies (as seen in our findings thus far), they also have an important role to play in helping you to protect the business.
However, employees don’t always take action when their company is hit by a security incident. In fact, employees often hide or are unaware of an incident when it happens.
Hiding an incident may lead to dramatic consequences, increasing the damage caused. We now often see breaches that do not impact the business until months later, as the attacker is building a profile and schedule of the actions undertaken within your business. This means that when they do strike, they can mimic personas, schedules and finance amounts that are not uncommon within the workplace, which equals more success for them and more pain for you.
Proactive Measures:
Now that we have seen and identified the risk an employee can have, what proactive measures can we take?
Employee Front Line Measures:
- Online email training to identify threats – with targeted emails aligned to training videos depending on actions taken, with 360 reporting
- Knowledge on Good Password Practices – Discussed within a recent article here
- Are they aware of how to report a breach and what priority this should have within the business? Do you have a security breach procedure that everyone can easily utilise?
System:
- Complete a risk assessment to see where you are now (template available) – if you do not identify where you are now, you do not know where you should go.
- Set up systems so that users have only the access required to do their specific role, not full access to all shared data – this reduces the impact if their account is breached, as the attacker has only that minimum access once on the system.
- Introduce a Password Manager, learn more here
- Managed Anti-Virus and Web filtering/protection
- Managed Proactive Windows patch management
- A team communication solution like Microsoft Teams, set up for your needs – meaning you have security control of all communication within the business, rather than allowing it to go over other well-known messaging applications.
What next?
If you’re looking for a new partner or would like some advice, please do get in touch here or give us a call on 01942 835912.