Michael Armer, Chief Information Security Officer, RingCentral, takes a closer look at strengthening businesses' frontline defence and the cybersecurity strategies to take forward in the future.
As cyber-attacks grow ever more sophisticated, many businesses are still lagging in implementing robust security measures and training their staff effectively.
Data shows that 50% of businesses reported experiencing some form of cyber security breach or attack in the last 12 months, increasing to 74% for large businesses.
Yet, a mere 18% provided changes to training.
This alarming gap underscores the urgent need for immediate action.
Whilst action should be undertaken by businesses to ensure robust security protections are in place, there is a role for employees to play too.
It is often said that employees are your business's first line of defence; without ample training, that line is weakened and the resulting consequences are long-lasting.
So where do businesses go from here? I recommend a blend of tech infrastructure and employee training and upskilling.
A blended approach will enable businesses to remain resilient and maintain optimum cyber hygiene to ensure they are fully protected against attacks.
With new technology comes new ways to approach levelling up business protection.
One place to start with this is Zero Trust practices.
A Zero Trust model refers to an architecture whereby certain permissions and access codes are granted only to specific employees.
The model is all about protecting against vulnerabilities and providing a secure roadmap for your organisation for years to come.
Today, people, data and devices remain widely distributed, which makes it harder to maintain full visibility and proper security management.
A Zero Trust model will ensure that employees re-authenticate to prove that they are who they say they are and that they have the privileges required to access a given application.
The cloud is also an option I would recommend for many organisations.
Despite the transformative potential of cloud technology, many businesses remain apprehensive about fully embracing it.
However, the cloud has a lot of potential to add an additional layer of protection for businesses.
Particularly when working with a hybrid model, it can be tempting to store data on local storage, be it a hard or thumb drive.
While it is convenient, storing data on local storage comes with risks.
Implementing cloud storage for data is another great protective measure, as the cloud provider keeps its servers behind the best firewalls and antivirus tools, rather than the data sitting on an unprotected drive that is relatively easy to hack.
Your employees are critical to your organisation, and they shouldn’t be left behind in security training and upskilling processes.
Data shows that human error was a contributing factor in 82% of all reported breaches.
Continuous training and awareness campaigns can significantly reduce the risk of employees falling victim to social engineering tactics.
Effective training should teach employees to protect personal details, check domains and emails for signs of phishing attempts, and maintain a healthy sense of caution when handling sensitive information.
Regular simulated phishing exercises can help reinforce best practices and keep cybersecurity top of mind for all employees, regardless of their role or level within the organisation.
Employees must also be trained to not give away sensitive personal information, check domains (companies will never use public domains for business), inspect email addresses and links and remain cautious of messages that create a sense of urgency – which is usually an indicator of foul play.
Depending on the structure of your organisation, some employees may choose to use their laptop for remote work whilst away, or even use it for personal browsing.
While this flexibility presents immense opportunities, it also brings its fair share of challenges.
Employees are more likely to connect to unsecured Wi-Fi networks, download unverified applications and engage in online activities that may expose their devices to malware and other cyber threats.
The mixing of personal and professional usage on work devices increases the vulnerability landscape.
It’s at times like this when training and education become fundamentally important to your cyber resilience and hygiene practices.
Use this as an opportunity to remind employees of best practices and ensure devices are equipped with up-to-date security software.
For additional protection, you can embed a virtual private network (VPN).
A VPN has become a popular way to support remote workers, secure cloud servers and improve access to the data stored on such servers.
This works by allowing users to connect to the internet via a virtual network, assigning users a brand-new IP and hiding their true IP and location, while also using industry-grade encryption protocols to scramble traffic and make it unusable to others.
VPNs can be used on dedicated work computers and smartphones to protect data from cybercriminals and are a go-to solution for people who are working on public Wi-Fi.
Now more than ever, organisations must be agile and prepared to evolve their strategies in response to emerging threats.
As new technologies like AI infiltrate businesses, embracing a proactive approach to cybersecurity is absolutely essential.
With continuous training and updating of cybersecurity infrastructure, organisations can effectively mitigate risks and protect all assets.