Not a day seems to go by without news of another data breach or cyber security threat hitting the headlines. From TalkTalk and Tesco to Adidas and even Fortnum and Mason, no organisation is safe. That’s without mentioning wider issues around how organisations are using people’s data. Facebook and Cambridge Analytica have been under the spotlight, and Google also recently confirmed that private emails sent and received by Gmail users can sometimes be read by third-party app developers, not just machines.
When it comes to cyber security and data privacy, there are almost endless scenarios to consider. While cyber attacks and breaches are often referred to in the same way, there are actually many different types of threat, all of which access and attack systems in various ways. Added to this, they are all constantly evolving to stay one step ahead of attempts to thwart them.
As such, the maxim ‘know your enemy’ is key. From phishing, spear-phishing and whaling, ransomware and malware, to ghostware, blastware and DDoS, keeping on top of threats is increasingly difficult – especially because as soon as a solution to one issue is found, another version pops up. Cyber security isn’t just an issue of time and resource for organisations; it can also be one of cost. Indeed, according to Gartner, cyber security will cost businesses $96 billion in 2018.
In addition, organisations are having to respond to increasing customer awareness about the value of their data, and growing pressure to not only keep it safe from malicious attack, but also use it responsibly, and not exploit it in the way organisations such as Cambridge Analytica have been accused of.
Of course, customers aren’t the only ones applying pressure when it comes to data protection. GDPR has transformed consumer data best practice across all sectors. It is also playing an important role in placing the power firmly back where it belongs, in the hands of the consumer.
Increased regulation, such as GDPR, which promotes better handling, collecting, storing and processing of personal data, is to be welcomed, as is increased awareness of the various cyber threats. However, with so much focus on the ‘big’ issues listed above, organisations are increasingly overlooking some serious security and digital privacy vulnerabilities.
So, what are the key areas that are often overlooked?
1. Bring Your Own Device (BYOD)
The way people work is rapidly evolving, enabled in large part by advances in technology. In many ways, this is a hugely positive thing as employees are able to work anytime, anywhere. However, the use of personal smartphones, tablets and laptops to carry out business does increase the risk of data loss – either through human error or by providing a way in for cyber criminals.
A study from Ovum found that 79 per cent of employees found that BYOD enabled them to do their jobs better, but nearly 18 per cent claimed their employer’s IT department had no idea they use their own devices for work.
2. The Cloud
Cloud computing is convenient, increasingly popular, and is generally considered to be secure. However, this is not always the case. In a public cloud, all data is stored within the provider’s network, and, as such, is open to attack. Even a private cloud, which is not open to the world, with data stored in a private network, is still not infallible.
As both public and private clouds are essentially centralised systems with just one point of vulnerability, it is relatively easy for someone to ‘leave the door open’ either through incompetence or maliciously.
3. Voice and video
Many organisations also fail to consider how telecoms and, increasingly, video factor into their overarching cyber-security strategy. Of course, it is essential for any business to have effective communications, from informal conversations between colleagues, to confidential client discussions. However, voice and video are just as susceptible to hacks as other systems.
This is especially true when it comes to VoIP. Every communication made over IP – including voice – is potentially valuable to hackers and open to attack. This isn’t something organisations tend to consider when using Skype, for example, but voice and video should be treated with the same attention as any other security and data risk.
All too often, people are the weak link in the security chain. This is not always malicious, but human error is a huge cause of cyber attacks and data breaches. IBM’s 2016 Cyber Security Intelligence Index found that more than 60 per cent of corporate breaches were caused by employees or others from inside the organisation. Of these, more than 30 per cent were accidental.
Huge issues can arise from something as simple as sending information to the wrong email address, losing a phone or laptop or using default passwords. Then there are also the situations where employees wilfully cause security attacks or leak data.
Fortunately, there are key steps that organisations can take to help ensure that cyber security and data privacy threats are mitigated.
Creating a culture of security
A strong, company-wide sense of security is a vital part of keeping organisations safe from attacks and data breaches. Each employee should be aware of relevant risks and threats and the role they can play in mitigating these.
Digital security and privacy should be an automatic right for businesses, yet sadly they are not. However, there are ways for organisations to make a stand and take back control, allowing them to enjoy a private and secure digital life.
Solutions – such as Siccura – are available which enable businesses to control all data through a centralised administration system, synchronise all business email accounts, track all business communication and data and encrypt all files.
Covering all bases
As there are so many ways that attacks and breaches can occur, it is key for any comprehensive security strategy to take advantage of a solution that can cover not just email, but instant messages, SMS, voice and video calls, servers and any documents and files stored on cloud, local and removable storage, across a wide range of devices.
Not only this, organisations also need to consider whether they have the ability to take back, block access to and destroy data if necessary, for example if an employee leaves or if an employee’s phone, which they have been using to access company emails, is lost.
Keeping it simple
An organisation can implement the most robust security measures there are, but if they are not intuitive, simple and easy to use, employees will find ways to sidestep them, which defeats the object somewhat!
There is no escaping the fact that the way people work is changing and any draconian security measures that don’t enable flexible and agile working will not be effective. Leaders need to find solutions that can offer complete security, while also being easy and practical for all employees to use.
Cyber security and data privacy may be big issues for businesses of all sizes, but with the right approach and by taking advantage of innovative solutions available to help combat cyber threats, organisations can take back control of their digital lives.
Ajit Patel, CEO, Siccura