How to make cyber security work for your least tech-savvy employee
By Tim Ryan, Senior Product Manager, Virgin Media Business
What is the leading cause of all cyber security breaches?
Basic, avoidable human error – clicking on a phishing link, for example – caused 90% of all data breaches in 2019, according to CybSafe after it analysed data from the UK Information Commissioner’s Office (ICO).
Since then, another complication has arrived. A massive unexpected increase in people working remotely and all the security risks that come with it.
48% of employees are less likely to follow safe data practices while working from home, which inevitably ramps up the chance of human error.
And avoidable mistakes aside, home networks are 3.5 times more likely than a corporate network to have at least one malware family.
One thing is clear: to thrive in a hybrid working world you need security that is fundamentally easy.
Easy to buy. Easy to build. Easy to use. Easy to change. Easy for every employee to understand.
So easy they don’t have to think about it.
In this article I’m going to explore why that is, what you can do to make it happen and how it can help you thrive as hybrid working becomes the norm.
The cost of human error
According to CybSafe’s analysis, the percentage of data breaches caused by human error in 2017 was just 67%.
That’s a 23% increase in just two years.
You could partly attribute this to an evolution in the way cyber criminals operate – even more so in the wake of Covid-19.
In a report last year about the rise in cyber-crime since the start of the pandemic, INTERPOL’s security general Jürgen Stock said, “Cyber-criminals are developing and boosting their attacks at an alarming pace.”
And with people now working in so many different places, on so many different devices and networks, with a new workplace app to get your head around with every passing month, it’s fair to say increasing complexity is also playing a part.
More touch points equals more opportunities for human error to happen.
What is the cost of all those little mistakes?
In monetary terms, about $3.9 million (£2.8 million) per data breach for UK organisations, according to a report by Ponemon Institute and IBM.
And let’s not forget the not-so-easily-measurable impact. The potential disruption to employees and customers, for example. Or the long-term damage to your brand. Or the fear a public sector breach can spread among the public.
So how do you reduce the chance of human error when it comes to cyber security? And how do you limit the damage if it does happen?
Never separate security from connectivity
The key to a thriving hybrid workforce lies in connectivity, security and empowerment.
Empowerment comes from cloud-based tools enabled by secure connectivity, but all three have to work in harmony.
One of the biggest mistakes I see organisations make is treating security and connectivity as two separate entities.
They are one and the same.
In fact, they’re like wings. If they don’t come as a pair, you might as well have neither.
Because if security isn’t embedded into every bit of your infrastructure and all the tools that run on it, you have to treat it as an add-on.
That means you’re going to have to engage with a separate supplier, which not only creates more admin from an operational perspective but could also give you more systems and applications to deal with.
And that supplier might be a security expert, but if they don’t understand the bigger picture – i.e. how security, connectivity and cloud-based tools can work together to create the business outcomes you need – you may be left with gaps to fill. Gaps that could make you less secure but also less efficient and effective in a hybrid working world.
Most importantly, however, if your connectivity infrastructure isn’t inherently secure without the need for third-party add-ons, your network (arguably the most vulnerable part of your organisation when it comes to keeping your data safe) won’t be as protected as it could be.
The net result of all the above?
More risk. More hassle. More room for human error.
Security should empower, not slow people down
Cyber security has always been important. And it’s always been about keeping data out of the wrong people’s hands.
That hasn’t changed. But the way forward-thinking organisations think about security has.
It’s not just a box-ticking exercise now or something to keep the regulators happy.
Effective cyber security that is fully integrated with your connectivity and collaboration tools – cyber security that just works – can be a key enabler for new ways of working.
Get it right and you can empower your people to do their job wherever they are, however works best for them and your customers, without losing sleep over sensitive data – all through one supplier.
And the cost of getting it wrong?
Forget the fire and brimstone fines or the hit to your reputation.
Those things matter. They always will.
But the real risk is being left behind because your cyber security doesn’t help you adapt to the new everyday.
Or worse: it actually holds you back.
Want to know how an integrated approach to security and connectivity could help you adapt to new ways of working and achieve the outcomes you need?