chairman and general manager, netsphere.
As an organization, it’s more important than ever to prioritize cybersecurity, regardless of the industry your business is in. Every industry has a target on its back and has valuable information at risk, whether it’s internal employee information or sensitive customer data. While some industries are particularly vulnerable, such as: healthcare organizations and Financial Institutions, a best practice that applies particularly to all enterprises, is the importance of well-trained personnel who understand how to identify a potential cybersecurity risk and what steps to take. At the executive level, leaders must make the financial investment in a strong IT team that can proactively address cybersecurity threats. They must have strict safeguards, including end-to-end encryption and zero-trust systems, in addition to an actionable plan for dealing with and preventing potential breaches.
As a former director of the U.S. National Broadband Task Force and with over 25 years of experience in the cybersecurity industry, I believe that the biggest threat that employees need to learn to recognize is phishing schemes that take place across multiple channels of communication, usually email. and high quality consumer communication platforms that are often not secure. Text message phishing attacks (commonly known as “smishing”) are also on the rise and should alert companies whose employees use their personal cell phones for work purposes. A recent IBM Threat Intelligence Index found that phishing was the most common way criminals could gain access to an organization’s network. These attacks often occur when employees innocently open an email or click on a link that provides access to internal communications within an organization and the ability to provide valuable information about the employees and their customers and stakeholders.
In addition to these threats that exist at every level, there are specific things your employees may be doing that put your organization at risk.
1. Sharing valuable information through non-secure platforms
As companies become more global and digital, the risk of using insecure communication methods to share information internally increases. Recent, The Wall Street Journal reported that US banks nearly $1 billion in settlements as a result of employees using consumer-grade messaging apps to share privileged and sensitive information. These dangerous practices put businesses at risk, increasing the likelihood of a cybersecurity attack. In fact, in 2021 there were more than 1,800 data breaches reported, an increase of 68% from 2020. In the long run, these unsecured communication platforms can create financial risk and lead to a lack of trust, both internally and externally.
2. Traps for Phishing Attacks
Companies must have trained employees who know how to identify a cybersecurity risk and what to do if a phishing or “smishingattack takes place. People receive a multitude of external emails every day and are used to opening them without thinking about it. However, many of these seemingly innocuous emails give hackers access to internal company data as soon as the email is opened, putting the entire company, its customers and valuable information at risk. The same concept applies to SMS phishing or “smishing” attacks that take place on mobile devices. This is an easily solvable problem when a workforce is armed with comprehensive – and regularly updated – education or training programs, as cybersecurity hacking methods become more technologically advanced. Organizations should consider regular training on cybersecurity best practices and how to spot phishing scams so that their employees have the knowledge to properly address and report these issues.
3. Abusing BYOD Policies in a Growing Number of Remote Employees
As remote and hybrid workforces became more commonplace, so did the use of personal devices for internal business communications, especially via smartphones. A recent IndustryArc study predicts that the bring-your-own-device (BYOD) market will reach $485.5 billion by 2025, especially with a growing demand for flexibility in the workplace. Often connected to an organization’s internal network, BYOD policies allow non-company-regulated devices, such as laptops, smartphones, and even USBs, to access information that would otherwise only be available in a physical workplace where security can be monitored. While BYOD adoption is common, it also creates a significantly greater threat and the potential for phishing and smishing attacks. In addition to possible hacks and data theft, there are other risks, such as a lack of antivirus or firewall protection, an increased chance of losing or losing the device containing this information, and the lack of a stable security plan in the event of a cybersecurity incident.
While the proliferation of remote and hybrid workers adds an additional level of difficulty for organizations to implement the same type of cybersecurity safeguards that existed before the pandemic, keeping the best systems possible is still crucial as hackers develop more technologically advanced ways to target businesses. hack and store the valuable information as ransomware or sell it to another malicious person. The solution here is to implement the best possible cybersecurity safeguards. End-to-end encryption reduces the threat of these dangerous situations by making it more difficult for employees to receive these messages, reducing the risk of a breach of access to internal communications.
These ever-changing workforce dynamics certainly add additional cybersecurity risks, but ultimately, enterprises need to remain proactive in the way they handle security in the workplace, both in-person and remotely. By the time an attack occurs, it is already too late. It is critical to train employees and implement systems that ensure secure communication methods and strategies to combat unavoidable hacking attempts to keep sensitive information private, protect employees, and maintain the trust of customers and organizational stakeholders.
businesskinda.com Business Council is the leading growth and networking organization for entrepreneurs and leaders. Am I eligible?
Janice has been with businesskinda for 5 years, writing copy for client websites, blog posts, EDMs and other mediums to engage readers and encourage action. By collaborating with clients, our SEO manager and the wider businesskinda team, Janice seeks to understand an audience before creating memorable, persuasive copy.