—By Chris Hurst, General Manager UK&I, Kaspersky—
An opportunity exists for vendors and businesses to engage in more open conversation to bridge the enterprise disconnect that exists in our industry. If large companies and their employees are to be empowered to defend against cyberthreats more effectively, then we need to engage in effective and clear communication detailing how to mitigate against new and prevailing threats.
Divisions between business leaders and security vendors lead to flaws in cyber-defences and a failure to harness the right technologies to ensure a strong cybersecurity posture. Exacerbating this is the rise in remote working, leaving employees outside the direct protection of a corporate network.
As most of our working dynamic has seemingly shifted overnight, it has become all the more difficult for businesses to meet their own needs appropriately. Businesses have subsequently struggled to understand, interpret or relay messages from vendors about services they have received or need. Worryingly, as a result of this disconnect, research has shown that more than a third of UK workers are now less sure of security measures when working from home. This is something that enterprises and vendors must address collaboratively, to avoid any future data breaches or successful cyberattacks.
The Changing Landscape of Cybersecurity
While businesses are employing a wider range of protection practices, the risks are also increasing and becoming ever-more complex. The last 12 months have also seen security concerns compounded by people working from home and the line between private and public realms being blurred. The criticality of this effort comes from the fact that it isn’t just the companies’ own data in need of protection. Information pertaining to business partners, employees, customers and even customers of customers would all be at risk from a potential breach.
Much of this vulnerability exists among the workforce, and their respective security habits. This is why the working-from-home transition has shifted the goalposts for so many organisations. Are employees taking all necessary precautions as siloed entities, to ensure the broader network and its vital assets are truly protected? At first glance, concerningly, it seems not.
A 2019 report found that human error caused 90% of data breaches, according to analysis of data from the UK’s Information Commissioner’s Office (ICO). This is very unlikely to be a result of malicious behaviour. Rather, it highlights the vast knowledge gap and disconnect that exists between the employee on their device at home, and the cybersecurity provider feeding information and guidance to their bosses.
It is a disconnect that results in potentially inadequate knowledge of security basics such as application protection, password and login habits or device sharing. This is compounded by potential panics or protectionism, should something go wrong and those people feel at fault. Either way, the upshot is likely to be increased device and network vulnerability for the employer.
Solutions to the Enterprise Disconnect
This is why closer communication between vendor, business leader and end worker is so vital. If a cybersecurity provider clearly communicates not just the solution, but the business-specific rationale behind that solution’s importance, then that information will be more clearly relayed to the wider business.
An understanding of cybersecurity’s significance will become part of the culture, and employees will be better equipped to face the new working landscape.
The need to address this issue is evident in the fact that more than 60% of security leaders in companies say the information provided by vendors is currently too complicated to understand.
If everyone in a company is clear about what to look out for, what signs to spot and what to do and not do, the business will be far better protected. It will also ensure a sense of readiness and agility in the face of future uncertainties, as businesses adjust to post-pandemic life and longer-term working from home norms.
Practical Steps to Address the Enterprise Disconnect
This communication challenge won’t be navigated overnight, but there are some key, practical steps that companies can take to better safeguard their business, devices and employees while working remotely.
Kaspersky recommends the following:
- Enforce strong passwords, and update them when required
- For employees working remotely, ensure they use a corporate VPN
- Regularly carry out updates on laptops and devices
- Store data in one place, so that if a system is compromised, data can be retrieved more easily
- Encrypt important data
- Regularly back up data
- Ensure that staff apply network encryption and a strong administrator password to their routers to remain secure
- Invest in webcam covers for employees to use when their webcams are not in use, and encourage workers to select appropriate settings that blur backgrounds when in group meetings, to add extra privacy
- For companies that have adopted a BYOD policy, limit how often staff carry out personal tasks, such as banking or personal email, on those work devices
All these steps should be underpinned by regular IT cybersecurity training and workshops to keep employees abreast of the current industry climate and what dangers to look out for.