January is traditionally the month in which people start a new role or start the hunt for a new job, meaning that businesses will soon be experiencing an influx of new staff. At this time, businesses are exposed to an increased risk of a security breach through new, ill-informed employees inadvertently breaking the company’s security policy. With this in mind, now is the ideal time for businesses to ensure their security policy is fit for purpose. And while conveying it to new staff, it would also be worth giving existing staff a refresher course in the dos and don’ts of corporate IT.
Cyber security is now high on the government’s agenda, with plans in place to educate and inform all who are at risk. One of the problems the government faces is that many SMEs do not believe that they are at genuine risk from cyber criminals, as they do not operate in a top-secret environment. This lack of awareness, or disbelief, that their corporate information could be of interest to anyone outside the organisation is the root cause of security malaise. It also opens the door to cyber criminals.
An excellent example here is a UK-based cleaning company that discovered it was the victim of a cyber attack only after it had lost a contract to clean the local council buildings. The directors had thought that no one would be interested in the information held on the computers of a cleaning company; after all, what would be the big secret? They didn’t consider their competitors, who were also pitching for the same contract, which would, if secured, bring in several million pounds over its duration. It was this – the amount they were going to charge for the contract – which was of value. In this case the overriding factor in choosing the supplier was cost (most other variables were the same), so a lower bid was the winning bid. Understanding what the competitive bids were enabled one company to outbid the others. As a rule of thumb, if it’s valuable to you, it’s probably of value to someone else too.
When revisiting the corporate security policy, it is also recommended that particular attention is paid to the use of personal devices for work. Bring Your Own Device (BYOD) is becoming more and more commonplace within UK businesses as employees use their own smartphones, tablets and laptops for work. But these also represent more points of entry, and therefore risk, to a business and must be secured appropriately – according to the policies set out. Similarly, the policy must cover other eventualities: for example, what happens if that employee leaves the organisation? They should be made to wipe the device of all company data. Or what happens when the device breaks? What is the policy around getting it fixed as quickly as possible, to minimise the amount of non-productive time?
Security measures are not there to hinder business, but to safeguard reputation and income. The best defence is to choose the necessary technology for the business, and create – and enforce – a robust security policy. For example, if the organisation has a high turnover of staff in a particular business unit, you may wish to set parameters on the emails to ensure disgruntled staff don’t cause embarrassment by sending inappropriate emails. Likewise, if your company heavily uses social media platforms, you may wish to put a system in place to blacklist certain words from being used in postings.
The methods cyber criminals use are changing all the time. We constantly hear of new uses and attacks being devised and deployed, so it is essential for employees to be kept updated, ensuring they don’t fall victim and inadvertently cause an information breach. A thirty-minute meeting today for all staff outlining the new attacks, how to spot them and how to respond, could save a business thousands of pounds and the impact of reputational damage further down the line.
Dr. Guy Bunker is senior vice president of products at web security specialists Clearswift, and board member of the Jericho Forum, which advises the government on cyber security strategy.