August 25, 2020 Reviewing Cyber Security
At the start of the lockdown in March 2020 we looked at some of the cyber security challenges facing companies whose people were having to work from home; many for the first time. In particular we focused on four areas which been highlighted by the south-west cyber protection unit from Devon and Somerset police; namely, phishing, passwords, communications, and physical security.
Five months on and we thought we would take a look at how businesses have fared over the lockdown period. While undoubtedly the availability of homeworking solutions has enabled many organisations to keep going when otherwise they may not have been able to do so, it is fair to say that it hasn’t all been plain sailing. So much so that a survey by software company Centrify revealed that 39% of businesses had dismissed staff over the lockdown period due to cyber security breaches. And that isn’t the end of the story with 58% of companies believing that employees were more likely to try and circumvent security precautions when working away from the office.
On a more positive note a survey from Hiscox reported that the percentage of UK companies reporting at least one cyber breach in the previous year had fallen from 55% to 30%. This may be partly due to an increased IT spend on cyber security from 10% to 12% of budget. However 11% of companies didn’t know how many times they had been targeted, perhaps reflecting a lack of cyber security specialists within small companies.
Responses to these surveys and others strongly indicate the need for companies to not only remain vigilant but also to provide ongoing cyber security awareness training for their people. In fact, as the Hiscox report says “regular training to drive awareness through the workforce is vital.” That training needn’t cost much but it could be a cost-effective use of resources; particularly when set against the potential costs associated with data breaches. Other simple measures being taken by organisations include a ban on using personal equipment for business purposes and instilling scalable access privileges, thereby preventing secure data being accessed by those who have no need to do so.
It takes less than a second to click on a link. But that single click could result in a significant loss to the organisation alongside a fall in share price and reputation. Over recent months Covid survival has been the name of the game. As we move towards a new pattern of working it may well be time to review and refresh cyber security precautions.