Tim, from your company’s human resources department, is working from home today. He receives an email from Debby, his boss, and immediately opens it. It is a request to review a document, with a link to said file. Without thinking too much about it, and keen to impress with a quick response, Tim clicks the link.
He follows the instructions to open it (which seems strange, but it is the first time he is working from home so he does not question it too much). And then, it happens… Tim’s computer screen goes blank, and there is a request on the screen for a large sum of money. He has been hit by a targeted ransomware attack, and worse yet, Tim’s not the only one in your workforce that will fall for this trick today.
The endpoint device landscape is expanding. According to Code42’s recent 2016 Datastrophe Study, 26 per cent of knowledge workers, just like Tim, reveal they are issued at least two corporate devices by employers, and one in twenty say they are provided with five or more. At the same time cyber-crime is on the rise. The Ponemon Institute’s, 2015 Cost of Cyber Crime Study: UK, showed that the average cost of cyber-crime is £4.1 million per year. This is a 14 per cent increase in the average cost from 2014. A terrifying thought, especially when you consider just how vulnerable endpoint devices are - more often than not due to human error.
The biggest questions of the day are, how do you protect your enterprise and what is the right security strategy?
The easiest thing to do, no doubt, is to lock down access to data. Only give employees access to corporate data on premises, with strict rules, access permissions and security measures in place. The reality of course is that is practically impossible in the modern age of mobile and flexible working. To remain productive, your mobile workforce needs secure and reasonable access to your corporate data consistent with their roles and responsibilities, wherever they are, and no matter how sensitive the information. Otherwise, they may create shadow IT capabilities and look to poke holes in the corporate security posture.
According to 400 IT decision makers (ITDMs), just under half (43 per cent) of corporate data in their organisations is already held on endpoint devices. An inherent problem should IT want to lock down the data. Furthermore, 65 per cent of ITDMs agree that losing this information could be seriously disruptive to the business or even business destroying. The impact to brand reputation in these scenarios is absolutely real and the change in consumer purchasing decisions is immediate.
To protect the sensitive data therefore, we need to work with the employees in our organisations. We need to, unlike 33 per cent of ITDMs who admit they do not, put an effective and comprehensive BYOD policy in place. Moreover, we need to make sure that this policy is communicated to our employees on a regular basis. This should be done alongside regular workshops on the most recent threats - so staff know how to identify and avoid them.
After all, at least 67 per cent of knowledge workers - those that handle data in your business and that think for a living - do not believe that their company has a clearly defined BYOD policy in place. Not having one therefore is a risk not worth taking.
Build better backup
It is safe to say no business is bullet proof when it comes to cybercrime. There is always the element of human error and ever increasingly shrewd cyber criminals to contend with. You therefore need to be proactive. You have to build better backup.
Better backup is not only about having good tools in place, it is about having the right tools that help you to gain visibility and maintain data protection compliance.
The right endpoint data protection solution will do all of this. It will give IT full visibility and control of all data residing on, or passing through, endpoint devices. This is done by providing enterprises with a central repository that safely and securely stores a copy of all data that is, or ever has, been on employee devices. This repository provides a valuable resource that can be leveraged to help overcome security threats such as employees walking out with single source corporate information, or malware and ransomware. It should also ensure information is encrypted in transit, and at rest, helping your enterprise keep on the right side of new compliance standards such as the EU’s new General Data Protection Regulation (GDPR) - by always protecting you and your customers’ data.
Ultimately, today’s best defence against being the next big corporate victim of cybercrime is a combination of tactics. The first is ongoing communication and training for your employees. In addition, it is recognising that endpoint data protection is the true starting point for a comprehensive data security strategy, and no longer just about protecting the datacentre.
By proactively changing the way you think about security and delivering better, more connected, implementations of your chosen strategies you are more likely to win the battle - if not the war. Your business need not unwittingly succumb to cyber crime.
Rick Orloff, CSO at Code42
Image Credit: alphaspirit / Shutterstock