Cyber tactics: workforce awareness is your critical first line of defence

Cyber tactics: workforce awareness is your critical first line of defence

Cyber threats have risen 20 per cent in the past year. Staff working remotely are your weakest link, but only if you don’t train them to recognise danger

Sponsored Article

28th February, 2021

It’s been almost a year since many in the business world had to shift to remote working exclusively. Now, one in three employees in Britain are dedicated to it, according to a survey last November by Hayes Connor Solicitors.

To facilitate this way of working, businesses have had to alter their IT, change processes and build applications. The easiest and most cost-effective way to do that has been through the public cloud. The infrastructure is already there. As a result, there has been a massive uptick in public cloud adoption.

This new digital reality has brought with it a massive rise in exposure to cyberattacks. In fact, according to ITPRO, businesses faced a 20 per cent rise in cybersecurity threats in 2020 compared to 2019, as hackers took advantage of the pandemic and remote working to exploit gaps in corporate networks.

Over the past year, there has been increased traffic over the internet, more interaction with apps and more remote access to corporate networks than ever before. Many of the devices used have been employees’ personal devices, which may not always have the right web filtering or security solutions available.

As a result, there has been a very real lack of visibility and control of networks for IT teams. We’re starting to see more shadow IT, as employees look to apps to increase productivity, and IT may not always have the clearest view of what’s safe or what’s deemed a risk. So, how can organisations and IT ensure a secure remote working environment for employees?

Education

It needs to start with the employees. Currently, there is a lack of education on cybersecurity as well as a lack of understanding among remote workers.

Best practice needs to be formulated for people, process and the tech itself. There has to be a basic understanding of the risks, and this can only start with cybersecurity companies and other organisations offering training and certifications that are accessible and not cost prohibitive. Fortinet’s Network Security Expert (NSE) training courses are being offered free to organisations which want to ensure their remote workforces have a solid understanding of the threats they face, and how they can mitigate these.

Education and certification programmes are one of the ways in which organisations can narrow the skills gap which still exists in the industry. In business, cybersecurity still isn’t prioritised enough, but the reality is that no matter how large or small a business is, they are still at risk. And cybersecurity professionals need to step up to the mark in educating the market.

Often it’s the IT and technology a business consumes which puts them at most risk, not necessarily who they are as a business. Hackers are lazy, they don’t have the energy to invest in knocking over larger enterprises all the time. But they are also highly educated and very focused on what they want to achieve.

Social engineering is becoming prolific in the sense that criminals are using Covid-19 updates and related information to lure users to malicious sites or to click through to links that enable access to personal information.

Threat actors prefer the path of least resistance. They hack the psyche of targets (who rarely realise the disguises) and rely on publicly available intelligence and interactions to generate victim profiles. Cybercriminals are experts in the art of masquerading, manipulating, influencing and devising lures to trick targets into divulging sensitive data, and/or giving them access to their networks and/or facilities. And businesses need to be aware of that.

Secure networks

As employees and organisations use the cloud more than ever before, networks have to be secure. And for this to happen the wide-area networks of SD-WAN need to be protected, either via integrated next-generation firewalls, or Secure Access Service Edge (SASE) based cloud-delivered security.

Rapid access to online services can expose organisations to incoming attacks from the internet. Therefore, a security-driven networking approach has to be a priority for companies. By selecting an SD-WAN solution with integrated security, companies get accelerated access to critical business applications and the ability to apply a host of security solutions onsite and across all branches.

They can also reduce the number of point products they need to manage through a centralised and integrated secure solution. This helps keep operational complexity in check while achieving the best possible total cost of ownership through lower operational expenses such as WAN charges.

These cloud working solutions deployed in the last 11-12 months are here for the future, and here to stay. The way people work has drastically changed and the threat landscape has evolved with it. To be able to switch and have the element of flexibility between home working and onsite working is necessary in this new reality.

Businesses need to be prepared for the security risks that come with that, whether through education, closing the skills gap or leveraging SD-WAN technology to secure the network. Arming employees with the security skills necessary to be able to spot and mitigate a threat is hugely important in today’s modern workplace.

Share this post

Related Stories

AI is a game changer

Futureproofing your pension savings during a pandemic

Now is the time to start planning for the golden years

Secure networking in a ‘work from anywhere’ world