These articles were written whilst employed with NetworthPick, the website and social media have been deleted, so I have preserved my articles here.
In the ever growing digital world we find ourselves interacting with on a daily basis, keeping safe using it remains a key concern. Whilst schools are focusing these days on teaching basic cyber security, the level of education given is lacking behind the advancements being faced in the digital world. Looking outside of just schools and younger persons now, the level of cyber security education among the general public hasn’t mirrored the rise in adoption of technology.
It seems that since the pandemic has affected the world, the rise in digital scams has gone through the roof, it seems almost daily we are receiving text messages and emails from scrupulous individuals trying to steal our money or data. With so much of our daily lives being spent online, the possible risks are only growing. When it comes to businesses, the possible losses through cyber security are great, through not only losses due to criminal acts, but through fines through the mishandling of data in the case of data leaks.
Training has always been something that is standard to workplaces these days, however despite the focus on physical Health & Safety or on-site security, less focus is being spent on training about how to responsibly use or operate digital systems. As technology bleeds more and more into our work and daily lives, doesn’t it make sense to give the same level of training to digital safety as much as we train for physical safety. This article will hope to answer that question by explaining the different types of cybersecurity threats which might affect a business and suggest ways in which to mitigate these threats.
Threats Businesses Face
Whether you are a business owner, management or employee, protecting yourself from cyber threats should be a key priority. Possible issues can arise from malicious and accidental situations alike. Understanding these threats will help us protect our systems and our data going forward.
Data Breaches / Leaks
One of the most discussed cybersecurity threats which a business could face is that of ‘Data Breaches or Leaks.’ This is where, through malicious or accidental means, the company’s data gets leaked online. This can involve personal business information like financial documents, emails, texts. Also, these leaks can contain identifiable customer information. With all of these possible avenues of this threat affecting the company, it’s important to understand ways in which you can try to prevent this as a business.
There are many approaches when it comes to improving company security around data breaches, and usually a selection of multiple will be the ideal way of best protecting your data. Primarily the easiest way to mitigate the risk of a data breach is to restrict access to this data. In practice this can involve making sure only those members of staff who require access to the data be able to access it. These members of staff with this added responsibility should be well trained on the company security policies and best practices. This training should be gone over regularly to assure all relevant members of staff keep their training up to date and relevant.
Ransomware
Another big issue making the news regularly is that of Ransomware, this, put simply, is where a malicious piece of software has infiltrated a system and encrypted all of the data found on it. This data is then locked behind a random asking for payment to unlock your files. Whilst in a lot of these occasions the data is unlocked when the ransom is paid, it should never be the policy to just pay money to possible organised crime groups when this happens.
Ransomware attacks have been widespread the past few years with Hospitals, Courts and Governments getting affected. Individuals themselves have also seen a higher risk of suffering from these attacks. Thankfully there are some approaches to cybersecurity businesses and individuals can adopt to mitigate and prevent the damage from these kinds of attacks.
These kinds of attacks usually get their way into businesses through links found in emails, or texts. Or through inadvertently or maliciously infection through physical media like USB’s.
The first main method in protecting your business from Ransomware attacks is to keep regular, separate backups. By having recent backups to restore to, in the event of a Ransomware attack you can easily wipe the storage which has been affected and restore the data without the need for paying, with minimal loss. However, with these backups it’s important to have them stored separately from the main storage to prevent the backups being affected as well. It may be beneficial to store multiple copies of backups, with one of them being stored locally, not connected to any networks.
The second method in which a business can protect itself better from Ransomware attacks is through good training on cyber security to all staff, educating them on the possible dangers of opening links from unknown sources on work computers, and making sure any physical media which has been used outside the office be virus checked before being used again on site.
Regulation Compliance
Looking outside of the issues and threats faced directly to business now and on to the legal and financial repercussions which could be faced by an organisation. Since the adoption of GDPR by the EU in 2016, and the post-Brexit UK-GDPR laws in 2018, the way in which businesses and organisations use and store persons data have been heavily scrutinised. These laws stipulate how you should collect, record, store, use, analyse, combine, disclose or delete the data in which you have. The penalties for not following these rules are quite severe with the maximum fine being £17.5 million or 4% of annual global turnover. (Whichever is greater)
There is a large amount of resources to be found regarding UK-GDPR and the ways in which you make sure your business is compliant. Keep an eye-out at NetWorthPick for a future article breaking down the key parts of the UK-GDPR and how you can make your business compliant.
In summary, however, a lot of this comes down to structure and education. With the responsibility of how we interact with other people’s data being a primary concern for businesses now, constant education and refreshers on these policies and laws can be complied with.
Types of Education
As with most things in life, there are many different approaches to educating your workforce about these cybersecurity threats. The traditional method of bringing in an organsiation or a charity to run workshops and seminars on the key information. This has the benefit of being a familiar method of delivery for more experienced members of the workforce who have experienced a similar delivery to training for other information. It’s important to research the organisation you are bringing in, however, as in recent years the ‘Digital Education’ Industry has become quite saturated with low rate educational services. Especially if paying another firm to run this training, it is important to make sure you are getting value for money with the training you are getting.
A more modern approach to delivering this training (especially in a post-pandemic world) is through online training. This can be done in a similar way to the traditional methods mentioned above but delivered through video calls and presentations. This type of delivery has the benefit of working really well for companies that have adopted a ‘Work From Home’ policy so the logistics of bringing an organisation in the office doesn’t work too well in these offices. Even in-person working training done online can lend itself quite naturally to the subject of the training given. If an employee can gain confidence in using computers whilst also learning more about cybersecurity, that can only be of a greater benefit to the business. This approach, however, comes with similar drawbacks to the solution mentioned above, with a large number of companies opening up to offer similar offerings. As with any business decision you should do your due diligence and research any company or provider that you plan on using.
To avoid having to bring people in from external sources, it could be worth bolstering up your department with dedicated internal staff devoted to the training and development of safe online working policies. This structural change would allow for better confidence and cohesion when it comes to cyber security and allow you to deliver bespoke training to the areas which need specific guidance with the role which they have.
In Conclusion
After all of that it should be understandable why education on cybersecurity is important for businesses to do. Different approaches will suit different organisations better, but they all come down to finding ways to better educate your workforce on how to be safer online, and using technology. The benefits from this will not only be in the short term with mitigation from the various cybersecurity threats but also in the long run will lead to a more confident workforce and lead to better productivity through the use of digital technologies.