Massive security breaches that involve global companies always make the headlines. It’s dramatic news copy that reminds us all to take care and be security-aware online.
But these big, reported breakdowns in cyber security are the tip of the iceberg. There are many more hacks and breaches that never make the daily news headlines. They are still damaging, undermine business confidence and cause untold disruption and expense.
And the most common place for the attack to originate is from within your own organisation:
- Careless actions
- Failing to follow security procedures
- Malicious intent from the outset
A 2016 Cyber Security Intelligence Index report revealed that only 40% of all security attacks came from outside the company involved. So 60% came from inside, and 75% of those were malicious.
Most Targeted Industries
Those industries with the biggest data banks of personal information, or those with huge financial assets are most at risk. However, all companies have a security weak spot represented by their employees.
You can’t avoid trusting staff with company data, or refuse to give access to needed sensitive information. Our MD Dean Spencer hears many companies voice this dilemma. He says, “It can seem like ‘catch 22’. You have to trust people, but how can you be sure you’re not opening the door to all kinds of forbidden activities?”
Build Security from the Inside
Focusing your cyber security in the right places strengthens your weak spots. But you have to know where to look:
- Know your most valuable company data and systems, and put your strongest defences there.
- Use deep analytics to monitor user behaviour. AI can help detect deviations from normal routine that may show a security breach.
- Know who has access to the most sensitive information, and be vigilant in monitoring their computer activities. Who to include? People at all levels in your company hierarchy. Don’t exclude top executives or IT admins.
- Include mobile devices that access your network.
- Maintain a training programme so employees stay up to date and aware of potential threats, and know how to react in given circumstances. Don’t be afraid to test them. Mistakes cause breaches as easily as deliberate hacking attempts.
Building Awareness
- Understanding how and why many attacks take place is a first step. Next, have business IT systems with robust inbuilt security.
- Have good employee CET (communication, education and training).
- Microsoft Office 365 is built on rigorous security standards intended to increase productivity and collaboration while maintaining strict security protocols as part of the Trusted Cloud services. This includes the ISO27001 standard, which recommends increasing user awareness of security. This standard is also mentioned in a White Paper from RISCS which provides a framework for staff engagement in cyber security.
Another part of the ‘catch 22’ conundrum comes from the ways in which many companies operate. We don’t employ most staff members for their knowledge about computer security.
They’re employed for the contributions they make to business success, and many are paid depending on productivity. Staff will take shortcuts or completely ignore processes that make their job more difficult. This could involve anything from banned file sharing to complicated login/password routines. IT systems have to stay secure while still allowing people to do their jobs efficiently.
For every company, the issue revolves around how to make information sharing and communication in the workplace quick and easy, while still maintaining good security standards.
We run Office 365 Taster Days to help answer this exact question. We’ll show you how to beef up your internal security and harness the full power of cloud computing at the same time. There is still time to book a spot on the next free Taster Day on 17th January. We’ll help you strengthen your computing security in 2018 and beyond.