Does your computer security need an update?
It’s hard to imagine that Computer Security Day launched all the way back in 1988 - a time when the majority didn’t have a home computer, and the Wi-Fi revolution was still over 10 years away. Since its genesis, computers have become part and parcel of our daily lives: we use them to stay connected, as well as for work, banking, shopping, and more.
However, as technology has evolved at a rapid pace, so too has the threat landscape. In the UK alone, 39 per cent of all businesses have suffered a data breach within the past 12 months, and this figure increases substantially for medium (65%) and large enterprises (64%). In today’s digitally advanced age, robust cyber security is a necessity.
“Computer Security Day offers the perfect opportunity for organisations to take a look at their own practices and identify what more they can be doing to protect their most valuable data and assets from cyber threats,” notes Adam Burns, Director of Cybersecurity at Digital Guardian.
“Sooner rather than later, organisations need to start implementing good cyber security practices, such as regularly reviewing system settings and disabling unnecessary services that may leave them open to attack. It is absolutely essential that IT systems are constantly updated and free from known vulnerabilities. Businesses need to step up their phishing awareness efforts, including educating remote workers about attacks via SMS and smartphone apps.”
Cyber security to match the changing workplace
Furthermore, the shift to hybrid or remote work has posed more than a logistical challenge for businesses; “It’s a cyber security nightmare,” explains Terry Storrar, Managing Director UK at Leaseweb UK. “Away from the office, employees are now far more likely to practice poor cyber hygiene, for example connecting to unsafe networks, transferring work data to personal devices, or sharing unencrypted files. And threat actors are relentlessly taking advantage of these vulnerabilities.
“However, as concerning as these practices are, they are often relatively simple to fix. Standard security training for all employees is one of the most basic, yet effective methods an organisation can implement. However, too many businesses are failing to safeguard their data in this way.
“This Computer Security Day,” he adds, “businesses should start thinking about how they can implement more safeguarding protocols and make cyber security training accessible for all employees.”
“With the rapid advancement in remote working, more devices are being used for work than ever before,” agrees Scott Boyle, Head of Information Security at Totalmobile. “Every laptop, tablet and mobile device becomes another endpoint that cybercriminals can try to take advantage of, and so it’s vital that organisations take their security seriously. For organisations with mobile workers, the challenge is even greater – mobility extends your company’s digital footprint, and therefore the perimeter of what you need to manage. Staff need to be able to securely access files on the move, meaning that their organisation’s cyber security measures need to cover any and every location.
“Often the most valuable data to cybercriminals is customer data. There are some top tips that organisations can follow to help ensure that their customer data is looked after – and that it meets all compliance regulations, too. Ensure that you have specific policies in place around the handling, storage, access, visibility, and transmission of personal data, so that staff know exactly when and how they can interact with this.”
Training - the first line of defence
Cyber attacks have grown in both frequency and severity in the last few years. “They have become more diverse and harder to predict and, as a result, the need for additional or specialised skills remains an ongoing requirement,” highlights Gregg Mearing, CTO at Node4. “With the cyber security skills gap persisting for the fifth year, many organisations don’t have the internal capacity to stay ahead of cybercriminals’ next moves.
“Security MSPs can be useful in bridging this gap by providing additional support and closing gaps where these skills are lacking. They can also be a valuable addition to an organisation as such technology can be updated, allowing businesses to continually improve and adapt their services to counter the ever-changing landscape of cyber security.”
Promisingly, we’ve seen some positive progress around cyber security awareness and training over the last few years. For example, new Skillsoft data has revealed a 53% increase in the total number of hours learners spend on security training since 2019.
“These are encouraging signs that indicate businesses are taking cyber security seriously and making concrete efforts to address the associated challenges,” notes Don Mowbray, EMEA Lead, Technology & Development at Skillsoft. “Going further, organisations need to find new and creative ways of incorporating security training into employees' day-to-day workflows. Gamifying learning, for example, and allowing staff to put their skills to the test via real-life scenarios and friendly competitions can be hugely impactful as it gives them a practical way to assess their learning in real time. In doing so, it’s important to incorporate a variety of learning styles and content delivery methods. This will ensure training appeals to every type of learner.”
Technology to trust
However, while employee training should be a crucial element of any cyber security strategy, employees should not be the only line of defence against cyberattacks. Danny Lopez, CEO at Glasswall, highlights, “as the sophistication of attacks grows every day, it’s important to recognise that any individual within your network can easily become a target. No matter how often or how thoroughly you train your employees on cyber security best practice, cybercriminals can often outsmart even the savviest user with basic knowledge of predictable human behaviour.”
He adds: “This Computer Security Day, organisations should explore options that prevent their users from coming into contact with threats in the first place; often, traditional sandboxing and antivirus software no longer provide the level of protection that is needed today to combat the latest attacks. Instead, more modern techniques such as Content Disarm and Reconstruction (CDR) – solution-based file protection software – can provide greater confidence in received files that are rebuilt to a known good standard, helping businesses keep cyberthreats at bay without impeding user productivity.”
As cyberattacks continue to grow in frequency and severity, Hugh Scantlebury, Founder and CEO at Aqilla, suggests, “backup and disaster recovery coupled with regularly audited security measures are the best form of defence. But don't assume that your cloud-based SaaS solutions automatically offer these services.
“If you're using cloud-based accounting and financial software — indeed, any cloud-based solution — we'd recommend you check that your solution operates from a secure and well-managed data centre. Ask your provider if they store your data in accordance with the National Cyber Security Centre's 14 Cloud Security Principles.”
“As an IT leader, you should consistently update your cyberattack prevention strategies and implement measures that protect you from falling victim to potential attacks,” adds Neil Jones, Cybersecurity Evangelist at Egnyte. “With proper training and by limiting access to sensitive content, organisations can protect themselves from being victims of the next big data breach. Limiting access to mission-critical internal data on a ‘business need to know’ basis will also enable you to prioritise threats and address them more effectively.
“The best way to thwart a potential attack is to have a proactive approach in place that detects misuse before it’s too late,” he concludes. “Encourage your employees to take proactive steps to enhance cyber security and reinforce the importance of personal accountability with all of them.”