The elements of cybersecurity hygiene and secure networks - Part 3
While it’s essential that employees consistently avoid taking risks that could lead to a data breach, even top-performing employees don’t necessarily have top-notch cybersecurity knowledge. Thus, organizations are in charge of bridging the cybersecurity skill gap to keep employees from damaging the company’s network by accidentally uploading a malicious program or sharing confidential documents with the wrong people.
Though it’s easy for IT and leadership teams to put systems in place that defend their network from external threats, well-intentioned internal users can be a hacker’s easy way in. The only way for organizations to counter this is with education and training.
To create a culture of security across the organization and increase the level of cybersecurity expertise among employees, make sure to host mandatory training sessions that cover the following topics:
- Email phishing and suspicious links
- Social engineering
- Personal device maintenance and safeguards
- Downloading files and using unauthorized devices
- Procedures for reporting security threats
This is an extensive list, especially if your enterprise has thousands of employees. So, where should you start? The answer is: phishing. During the past year, more than 75 percent of businesses have reported a phishing attack. If that’s not concerning enough, the volume of phishing attempts is growing. If you need any further justification of why phishing should be the first area where you educate your employees: the average cost of a successful phishing attack for a mid-sized company is $1.6 million. Clearly, these attacks are expensive for organizations. Educating employees and setting up the proper reporting procedures is essential to avoid a breach.
No one can deny that word processing software has been a godsend. The biggest flaw is the risk of forgetting to click the "save" button. Many of us can remember the devastation of losing our work because we didn’t save it or back it up.
The same concept also applies in the case of enterprise document security. In a world of ransomware attacks, a company needs to have a backup of its files. To mitigate any damage, the public cloud offers a safe haven for encrypted, backed-up data. Why is encryption important? Encrypting backup files in the cloud adds an extra layer of protection against unwelcome third parties. Using a cloud provider allows you to leverage their industry-leading security features to stay one step ahead of hackers. In the event that there is a breach and hackers are able to hold your files for ransom, having a backup in the cloud allows you to quickly restore all of your files without paying anything.
Going back to the first example of the text document, it’s not uncommon for employees to accidentally delete important files or to make unwanted modifications to documents. On most traditional networks, even if a file isn’t deleted, any removed or modified information is gone forever if the file isn’t backed up. With public cloud platforms, custom permissions make sure that only the right people have access to documents and, if mistakes are made, past versions of documents are readily available.
There’s no doubt that it’s essential for businesses to put fail-safes in place to retrieve accidentally deleted data. While it’s easy to hope that there will never be a need to use your backup data, these days, it’s not a risk that you should be taking. With the proper backups in place, companies have much less to fear.
The implementation of GDPR in 2018 once again brought compliance to the forefront of consumers’ attention. While companies have been navigating complex privacy laws for years, the strict regulations were a harsh reminder for companies that remaining compliant is important. Companies that don’t comply could face fines in excess of $23 million or 4 percent of their annual revenue.
To quickly summarize GDPR, it’s an EU regulation that applies to any company that handles the personal data of European residents, no matter where the company is based. To comply with GDPR, companies need to precisely control where and how the personal data that they handle is stored. On top of that, people also need to have the ability to update or delete their information at any time. Organizations that don’t follow the rules run the risk of some sizeable monetary punishments. Fines and legal action aside, complying with GDPR and government regulations is good business.
While regulations like GDPR can feel daunting, there are tools out there that are designed to help businesses with corporate compliance. Cloud platforms are one such example. Public cloud companies need to maintain their own set of compliance standards. Since their standards often overlap with those of their clients, this helps make the process far simpler for organizations using the public cloud.
The attraction of a huge payday will always incentivize hackers to try to find a way to get a hold of your company’s data. The public cloud offers a safe haven for organizations’ private information, keeping data secure by:
- Using their extensive resources and industry-leading expertise to ensure that your network and infrastructure stay secure.
- Automatically implementing software and security updates without service disruptions or the need to coordinate with other departments.
- Allowing organizations to set up custom permissions and integrated workflows to increase security and improve productivity.
- Automating file management to minimize the risk of human error.
- Providing access controls and change logs to minimize files’ exposure to unwanted modifications and sharing.
- Using aggregated audit data to identify suspicious events and creating automated alerts that allow you to immediately respond to security breaches.
- Automatically backing up and encrypting your files to protect you from ransomware and providing you with a secure file repository in the case of a security breach.
- Making it easier to stay compliant with your industry’s regulations.
- Offering user-friendly security controls, like two-factor authentication, that make training employees easier while also providing your company with an extra layer of security.
In the arms race of IT security, the public cloud providers come out on top. With leading experts and the latest tech on their side, it’s the public cloud’s full-time job to protect their customers’ information from hackers and malware. However, even the best experts can’t outsmart human error. That’s why, in addition to the public cloud, creating a culture of security with training and education while integrating process automation features from document management tools is the gold standard.
Stéphane Donzé is the founder and CEO of AODocs, a software company he created from the idea that the enterprise's need for compliance and efficient processes is not contradictory with a good user experience. Prior to founding AODocs, he was VP of Engineering at Exalead, a leading enterprise search company. After Exalead was acquired by Dassault Systèmes in 2010, he relocated to California from Paris as VP of Product Strategy. Stéphane has a master's degree in software engineering from Ecole Polytechnique in France (X96). With 19 years of experience in enterprise software, he is passionate about user experience across an organization.