
Groundhog Day: IT security habits to repeat and retire


Eduard Meelhuysen, head of EMEA at Bitglass, on protecting data in cloud apps

Cloud apps are becoming increasingly prevalent in the workplace, and with good cause. They are a cost-effective means for smaller organisations to benefit from enterprise-level functionality.

While these business cloud apps are certainly here to stay, it’s important that business owners understand exactly what information is being put in them and make sure that all sensitive data is secure, regardless of the app.

This is especially timely given that companies need to prepare for the pending data protection regulation, the GDPR, which has a number of cloud-relevant considerations.

For example, companies need to know the location where cloud app data is being stored; they’ll need to ensure that all apps being used meet GDPR’s security standards and that customer data is not shared with any third parties, amongst other requirements.

When it comes to cloud apps, employees typically set up and use the services on their own with little regard for whether or not they are approved by the business.

The sheer volume of apps available today means that trying to constantly discover and control them is a waste of time and effort.

Businesses need to put in place measures to protect sensitive or business-critical data at all times, wherever it may reside.

Ryan O’Leary, VP Threat Research Centre at WhiteHat, on breaking bad web security habits

The scary thing about web application security is that we feel like we’re living out Bill Murray’s Groundhog Day fate of seeing the same thing over and over again without any end in sight.

Serious software vulnerabilities such as cross site scripting and SQL injection flaws, which have been known about for over 15 years, continue to be present on website after website.

Around half of all websites we assess contain at least one cross site scripting vulnerability, which can be used to alter how an unsuspecting victim interacts with the website.

This statistic is particularly staggering considering that it is relatively easy to fix this flaw.

But, as developers are being pushed to build more and more applications as quickly as they can, coding securely is not always a high priority. Until we can make security an integral part of the development of these websites, we’ll never break out of our own Groundhog Day.

Shane Buckley, CEO at Xirrus on regular employee training

According to research carried out by Xirrus, 91 per cent of WiFi users do not believe public WiFi is secure, yet 89 per cent of WiFi users choose to use it anyway. WiFi users are aware of most cyber threats.

But ransomware is the least known, despite its prevalence, evolution and danger: nearly 30 per cent of respondents are unfamiliar with ransomware. Most businesses do not equip their employees with the information and tools to stay vigilant and safe.

Because of this, Wi-Fi users carry the burden of corporate mismanagement. 39 per cent said their employers have offered one or two training sessions in the past year.

With the cybersecurity threat landscape becoming increasingly complex, employees with unsafe cybersecurity habits put both themselves and their employer at risk.

Working with Human Resources, it is up to the organisations’ CIOs, CISOs and IT leaders to put into practice regular cyber security training sessions for employees, so they are not only aware of the risks out there, but also know how to avoid them.
