Due to the chaos of the coronavirus pandemic, cyber-attacks have seen a sharp upward curve this year – accelerating the increase that’s been occurring over the last five years.
According to cybersecurity company Darktrace, malicious emails targeting home workers increased from 12% before the first UK lockdown to 60% just six weeks later. Such attacks often aren’t sophisticated, but we’ve seen a rise in more complex breaches, too. 18% of organisations reported a ransomware attack this year, and organized crime gangs are thought to have been responsible for 55% of all attacks.
Regardless of current economic climate, it’s clear that attacks will continue to rise and evolve in sophistication throughout 2021 and beyond. Though plenty of businesses have been adopting new security solutions in recent times, they must also step up to the threat when it comes to internal policies and training.
Here are 5 activities that businesses looking to become data-centric should consider in 2021:
There are many outside solutions that can help with your security posture, but changes should also come from within. Organisations should strongly consider attending virtual training with their MSP and ask them for guidance when it comes to certifications with leading security vendors.
You should also look to hold regular company-wide training to refresh knowledge. Having a well-versed workforce creates a “human firewall”, a significant obstacle for an attacker to overcome in order to breach your business.
Certified training with bodies such as the government’s National Cyber Security Centre scheme (NCSC) can offer individuals even more in-depth education. Via the certified professional scheme, your employees will be properly assessed to ensure they meet national standards and can apply their knowledge in a business environment.
Those in the legal and financial sectors should be especially wary of data breaches, considering the sensitive nature of their data, and need to register with a regulatory body. The UK Data Protection Act requires any organisation that processes personal information and isn’t exempt to register with the ICO.
Beyond legal obligation, registration with the ICO and other regulatory bodies let’s your clients, customers or partners know that you’re serious about data protection. Complying to the standards of a regulatory body will also ultimately better secure your customer’s data and ensure their rights are properly protected.
Regardless of your status with the ICO, it’s a good idea to set up internal policies regarding the handling of data. Identify the different types of information that run through your business, classify them, and decide the level of security that needs to be applied.
Information deemed confidential, for example, shouldn’t be shared outside of the company or even specific departments. There may also be restrictions in other areas, such as the devices from which the information can be accessed. Create a disaster plan of action should any one of your data categories be compromised.
Though there’s plenty you can do with good training and policy, having an ethical hacker test your defences can be invaluable. A penetration test of your business will help get a picture of your infrastructure from an attacker’s perspective – and therefore identify weaknesses you may have missed.
As well as outside threats, a penetration test can help you determine the risks associated with a rogue employee (it happens) who has internal network access. Security experts can then create a plan to mitigate any loopholes.
Finally, you should come to terms with the fact that a single security solution often isn’t enough. Though some bill themselves as “catch-all” solutions, it’s good practice to build a matrix of core and add-on services and solutions that properly protect different areas of the business.
Email is one area where organisations can see major benefits in layered solutions. With 92% of malware starting in the inbox, it’s vital that this threat avenue is heavily barriered. Microsoft EMS and Defender 365 can be utilised for strong email encryption and protection on any device, while Mimecast email security provides up-to-date blocking for spear-phishing, malware, and other campaigns.
If a threat does slip through, solutions like Acronis provide timely backup, ransomware protection, and disaster recovery solutions. To top it all off, sophisticated firewalls can halt threats to your network.