How to protect your organization from internal and external threats to cybersecurity
While remote work has ushered in unprecedented freedom and flexibility for thousands of employees, it also exposes workplaces to more cybersecurity threats.
When employees work from home, traditional IT departments have less control over devices and networks, leaving open the possibility of internal and external data breaches.
Last year, for example, two-thirds of all data breaches were caused by insiders, while one-third were caused by hackers, malware, phishing and other external threats, said Joe Payne, CEO of Code42, a cybersecurity platform.
Next year, the combined factors of remote work, job insecurity and increased ease of moving data will combine to produce an increase in insider incidents, according to a recent report by Forrester.
“What employers should be thinking about at the end of the year is: Do I have programs in place that protect me against both external threats as well as internal data leakage?” asks Payne.
Training, transparency and technology are the three keys of a robust strategy against insider threats, according to Payne.
Comprehensive training to make sure employees understand what they can and cannot do with workplace data is essential, especially as the use of cloud-based collaboration tools increases.
Thirty-six percent of workers believe that the increased emphasis on sharing and collaboration has made them more complacent about data security, according to a recent report by Code42 based on a survey of 4,505 knowledge workers. Thirty-seven percent of workers use unauthorized apps daily to share files with colleagues.
Employees should understand company policies about software use, data ownership and intellectual property.
“A lot of folks who have been digital their whole lives just assume that any data that they've created at their job they can take with them,” says Payne.
Employers should also seek to be transparent about what activities the company is monitoring on work-issued laptops, tools and networks and why. If staff don’t understand why a threat program is in place, they may resent or grow fearful of it, according to the company.
Finally, employers should have technology in place to monitor compliance with their security policies. Technology can support employers in detecting, investigating and responding to data breaches as soon as they happen.
As far as external threats, Payne suggests straightforward measures that all employees should take while working from home, including:
- Update software frequently
- Back up data
- Keep anti-malware protection up to speed
- Turn on two-factor authentication everywhere it’s available
- Be aware of phishing scams.
“Simple rules to live by, the things that I tell my wife, kids, friends and business associates,” says Payne. “And when in doubt, don't click it.”