Security-conscious workplace first defence against hackers

Cyber Conscious 8 May

Sloppy security makes businesses an easy target for criminal hackers yet too many are blinkered to the real and constant risk that hardcore hackers pose to their operations.

A recent study has revealed that  47% of small businesses have been hit by a cyberattack in the last year, with 63% of medium businesses having fallen victim.

55% of UK firms reported a cyberattack, up by 40% on the previous year, the study from insurers Hiscox showed.

Despite the sharp increase in the volume of attacks, the number making preparations against such incidents has fallen. Nearly three quarters of businesses were considered unprepared for a cyberattack, after failing a cyber readiness test, the report stated.

Businesses must shore up defences to stay safe online and avoid being a soft touch for hardened hackers.

An ever-changing digital landscape means creating and maintaining a security-conscious culture is vital. Practical user training and ongoing awareness raising can help organisations in keeping systems and data systems.

Cyberattacks are on the rise and the hackers are getting smarter, more sophisticated and more successful but what is particularly concerning is the fact that too many businesses believe that they are not at risk.

Whether you’re a sole trader or a multinational corporation, cybersecurity is an essential part of modern business life.

When hackers hit large companies, smaller businesses may feel less susceptible but there is no place to hide. Fail to have adequate security guards in place and you could be the next victim.

If you don’t have robust policies, training and awareness of issues in place, it’s going to be just a matter of time before your business is compromised.

Organisations need to invest to ensure that they stay safe, as failure to do so could prove costly, financially and in terms of reputation.

Practical initiatives can greatly reduce the probability of disruption liability and embarrassment that can arise from being the victim of a breach.

Most cyber-attacks aren’t sophisticated at all – they’re opportunistic, with hackers looking for exploitable gaps and vulnerabilities.

The value of the human element in IT security can never be underestimated. Anyone that uses a PC, laptop, tablet or phone in connection with their work has a responsibility for security.

A workplace security culture should start at the beginning of an employee’s journey and should be a core part of the new staff induction checklist. For an existing workforce,  it can be promoted through training, regular updates at team meetings and by carrying out audits and making IT security part of working responsibilities.

To maintain a security conscious culture in the workplace, training courses are an excellent way to raise staff awareness of the type of threats and security issues affecting companies today.

Technology has a shelf life, it needs updates and maintenance, and failing to do that risks being exposed to hacks, malware infections or ransomware attacks to name but a few.

Engineers are tasked to manage and maintain software during its lifespan and when it reaches End Of Life (EOL), engineers move onto  ‘new’ versions which in turn leaves older unsupported software vulnerable.

The growth in applications and data being migrated to cloud-enabled services means that cloud security and protection is big news too. Cloud services, by their very design, are accepted as a reliable means of distributing technology. Cloud Application Security Broker (CASB) services manage and secure applications in the cloud.

There are opportunities to introduce security and additional protection to cloud-based services securing online applications through backup and encryption, along with Multi Factor Authentication, which adds further layers to security.”

The Hiscox survey showed the size of losses related to attacks has gone up sharply - average losses were given as £283,000.