There is no way to avoid the inconvenient truth that no matter how many security measures or solutions are put in place, people will be a weak point when it comes to cybersecurity.
This is not a slight against employees, mind you, but rather against the lax controls and processes which allow things to slip through the cracks.
As we’ve evangelised time and again, training is an essential aspect of cybersecurity and might just stop employees from making a mistake.
Chief technology officer (CTO) at In2IT Technologies, Vishal Barapatre, has some advice for businesses looking to prevent things from slipping through the cracks over and above educating your workforce.
But where does one start? Cybersecurity can be incredibly complex and convoluted. Once you add people to the mix, this complexity increases.
The best place to start then is likely the most complex problem – accessing company data.
According to the 2019 Global Data Risk Report from Varonis Data Lab, an analysis of 785 organisations revealed that 53 percent of them found over 1 000 sensitive files could be accessed by every employee.
“Data is clearly at risk, and human behaviour is the problem. People use unauthorised public cloud services to share data, or place folders of sensitive information on common servers that may not be secured. There is also the real possibility that people have malicious intent and steal information for the purpose of selling it,” Barapatre explains.
For these reasons, it’s important that data access is controlled, but even this requires a bit of finesse. As we explored earlier this year, data silos can lead to decreased agility, and if 2020 has shown us anything, it’s the value of being an agile organisation.
There is unfortunately no simple, one-size-fits-all solution to dealing with data protection, but it’s an important exercise.
Before the global pandemic hit, edge computing and devices were already a concern for security professionals. Now that employees are working from home, well, it’s the Wild West out there.
“At-risk behaviour is the most significant threat. When it comes to edge devices, this generally involves people downloading apps off the open Internet, rather than through the verified app store. One example recently was an app that claimed to be able to tell people whether or not they had COVID-19 through their phone. This app created a vulnerability that exposed users’ personal information, including bank details, and permitted OTPs to be diverted and SIM cards to be cloned,” says Barapatre.
The CTO goes on to say that poor password hygiene, falling for phishing scams and clicking malicious links are other ways risk is introduced to a business.
Can technology help in this regard? Yes, it can, but one shouldn’t rely on solutions alone.
“Technology needs to go hand-in-hand with education, because no matter what solution is in place, people have the power to override it, and hackers are always one step ahead,” the CTO says.
And training must be ongoing. There will always be new risks and new methods employed by cybercriminals, and given the complexity of these issues, a helping hand is rather welcome.
What is key here to our mind is making this education accessible. Remove the jargon, speak frankly and relay the risks and concerns in simple terms. Many folks have no interest in cybersecurity and the moment you start talking about edge this and malware that, folks switch off.
“People need to understand the policies and procedures around security, but more importantly why they exist. Awareness of security threats and risks, and understanding of how their behaviour can affect cybersecurity, are essential weapons in the war on cybercrime,” Barapatre explains.
Cybersecurity is an ever-evolving beast, and the best way to people-proof your business is to make sure your people are equipped with the tools and knowledge they need to fight off criminals at the gates.