The risk of cyber-attacks on businesses has remained a hot topic. Cybercriminals continue to be one step ahead of the authorities, raising concerns across many organisations as to how educated employees are on the topic of network security.
Coupled with this is the rise in mobile device usage, which has led to companies becoming increasingly vulnerable. The average worker now has between three and four devices connected to their corporate network, due to the growth of BYOD. To remain competitive, organisations are constantly developing new tools and applications that provide faster, seamless access to critical information, thus accommodating mobile use for employees.
This ‘mobile first’ philosophy now makes it imperative for workers outside of the ‘IT department’ to be well educated and up to date with their role and responsibilities in ensuring an organisation’s data remains safe and secure.
The introduction of laws globally, including Australia’s Notifiable Data Breach (NDB) law and Europe’s General Data Breach regulation, underpins the importance of making security a company-wide responsibility.
Introduced in late February 2018, the Notifiable Data Breaches (NDB) scheme established strict requirements for entities in responding to data breaches. All SMBs with an annual turnover above $3M now have data notification obligations when a data breach is experienced and is likely to result in serious harm to individuals and businesses. Hefty fines are now in place, ranging from $360,00 to $1.8M, for organisations that fall under the new scheme.
With increased mobility, the task of protecting multiple network endpoints has become both harder and more important for organisations. It is increasingly difficult when employees remain unaware of network security and the ramifications of a breach. Having policies around technology usage is one thing; however, staff need to understand why they are in place. It may sound like a difficult task to have employees across the board understand the basics of network security. This can be achieved by holding workshop demonstrations, either internally or with your IT and network provider, and by providing employees with relevant case studies of attacks on similar organisations to build a realistic mindset around network security.
The move towards targeted attacks has become a trend in cyber security. Such cyber-attacks are likely to exploit some sort of vulnerability as their main vehicle. With the number of mobile devices and apps exploding, it is no surprise the number of security vulnerabilities is increasing too. A fast-growing form of malware is ransomware. Cyber attackers encrypt an organisation’s critical data, holding the data to ransom, then demand a payment in order to have the encryption removed and the organisation’s operations restored to normal. A 2017 study by Sophos found that 54% of global firms surveyed had been hit by ransomware in the previous 12 months. The study also found that Australia falls in the top 10 countries in the world targeted by ransomware hackers – a rather unflattering statistic. This is linked to the relentless shift to mobile computing, which has led to an explosion in the number of network endpoints for organisations.
With cyber attackers always being one step ahead, no matter how big or small your organisation is, it’s important to have all hands on deck. It is vital to keep employees continually educated on network security, providing constant updates on the risks and their role in helping mitigate any form of attack.