ARN

Bolting down business security begins with employees

Unexpected security and economic measures, and an unprecedented shift in the workforce, have underscored what has been a challenging year for business. 

With the COVID-19 pandemic impacting accepted operational norms, it has been challenging to plan for the long term.

While cybersecurity has also been affected, there are constants that continue to be a key focus. In 2020, employees remained the weakest link in the business security chain. People make mistakes. This year, some of the mistakes were new, but it is becoming easier to prepare for them.

As companies adapted to a world where organisations are constantly attacked, so did the threat actors. New attack vectors appeared all the time, taking advantage of any security misconfiguration or vulnerability. Employees became targets.

Communication is just as important as cybersecurity

One of the reasons why wasn’t obvious. A recent Bitdefender study, Bitdefender 10 in 10, found a problem around jargon. Jargon dominates the cybersecurity world, and the rapid expansion of services looking to protect against the latest threats aggravated the issue.

According to one-third of respondents to the survey, new terms are introduced so frequently that managers (CISOs and security and IT leaders) seem unable to keep on top of the barrage of terms.

For employees to be security aware and on top of the latest practices it is vital they don’t get bogged down by the jargon. But that’s what is happening, according to Bitdefender.  

Every company faces different risks

There's no silver bullet that will fix global security problems, just as there isn’t a list of security measures that, once applied, will ensure an organisation is secure. Every business is different and has its own definitive security needs.

Some companies will face attacks from nation-state actors looking to steal or disrupt research, while others will battle DDoS assaults or massive phishing campaigns. It was difficult enough to bolt down security when the majority of employees were working in the office, but the swing to remote working changed everything in an instant and made a complex situation even more so.

The security risks that plagued companies in the past are now 10 times worse thanks to poorly set up home offices. But that problem can be improved with training. Phishing is one of the world's biggest threats, but it doesn’t need to be if employees take part in a well-structured training session.

And that’s just the tip of this year’s security mountain. Ransomware attacks diversified to include data breaches and blackmail, and APT hackers-for-hire slowly became a reality.

Protecting organisations against these problems is difficult but it isn’t impossible, especially if you start at the bottom – with the employee. Secure the base of your business first and it will make it much easier for the rest to follow.