Once you’ve begun the process of securing your business from cyber threat, the natural temptation is to think that it’s now up to the IT Department to make sure everything stays up to date and safe. Recent research from global specialist Symantec underlines why there’s more to security in a digital era than just IT Security.
Implementing technical solutions across IT Security to secure networks is probably the best-known aspect of keeping data safe. Ensuring an ongoing culture of awareness and understanding of proper procedures throughout the organisation is often a major challenge. That’s when staff behaviour and a lack of robust process and education can become the biggest threat to security.
It’s a rare sight nowadays to see a Post-it note stuck to a computer with password and login details on it, but how many staff have just moved that sticky note to the top drawer of their desk, ignoring the procedures that have been clearly explained to them?
Many are now aware that IT Security on a laptop or phone is key to data security. However, do your processes for remaining compliant with GDPR, for example, include what happens if a notebook or paper file is left behind or misplaced? How do you risk assess your business or charity?
Reinforcement of data security needs to happen on an ongoing basis to maintain high levels of awareness and security.
Staff who set up work email accounts on their personal devices need to be aware of the risks involved when they then connect to unsecured Wi-Fi networks. How many times do we see someone downloading data to a USB stick that they are likely to plug into another network without any thought about the risks?
Most companies that operate “Bring Your Own Device” initiatives have very strict and clear rules to mitigate the risk of data breach. But there will always be a risk in any situation where a device may be used outside of work, with all sorts of applications and social media links, at all times of day or night.
Cyber criminals are developing new and more sophisticated methods of attack on a daily basis, and often the most successful use social engineering or rely on a human being to make a mistake.
Symantec found that over two thirds of all targeted cyber attacks start with a phishing email. For any chance of success, they need a human to click on a link to give them access to data.
At Net-Defence, our specialist teams develop relevant solutions to help clients maintain ongoing awareness and understanding of the risks among their staff. We work with HR Teams, Boards, Marketing Teams and Legal Teams as well as IT Teams. It is vital to keep staff engaged in the cyber security process and make sure that they are fully bought into a totally secure culture across the organisation. It’s the only way to stop your staff becoming the weakest link in your security.