• Covid-19 – click here for the latest updates from Forum Events & Media Group Ltd

Posts Tagged :

VIPRE

Data security in the new business world

960 640 Guest Blog

By Andrea Babbs, Country Manager and Head of Sales for VIPRE Security Limited

With many businesses having to overhaul their operations overnight to enable their staff to work from home due to Covid-19, maintaining as close to business as usual was an absolute priority. But in the rush to implement collaboration tools to get employees up and running for business continuity, cyber security was pushed further down the list of priorities, potentially putting organisational data at significant risk. 

Many businesses may have already had some level of cyber security protection in place, but the shift in working environments and practices means that the emphasis on data security must be reinforced. Some IT security leaders have seen a 30,000% increase in Covid-19 themed attacks, as cyber-criminals continue to use the current global crisis as an opportunity to target potentially vulnerable end-user systems. With a de-centralised workforce, there is an even greater need for employees to take responsibility for keeping sensitive company information secure, and not just rely on security software to assume the role of data guardian. 

Harder, better, faster

While the transition to remote and flexible working has been implemented gradually across many organisations over the years, the overnight change triggered by government protocol has had a dramatic impact on employee working practices. With no peer review or easy access to conversational questions to quickly ask: “does this email look strange to you?”, employees are potentially at increased risk of falling foul of phishing scams. 

Add to this the heightened pressures of staff feeling the need to work harder, faster, for longer and demonstrate how much they are actually working when at home, it’s no surprise that mistakes are made. For example, responding to emails immediately rather than taking the time to stop and think whether the email is actually genuine, or giving out sensitive information over the phone to be seen as helpful during a difficult and stressful time. 

Reinforcing responsibility

With tools to support employees that reinforce the need to think before they press send on an email, and consider whether it is authentic or not, employees can assume some of the responsibility for keeping data secure. And as 53% of data breaches are classified as insider, clearly the workforce has a critical role to play in an organisation’s cyber defence strategy. 

Businesses can support employees to avoid commonly made mistakes such as forgetting to attach a document when you wrote that you had, or sending misaddressed emails or attaching incorrect information by deploying technology such as VIPRE’s Safe Send which provides a simple safety check. This provides the user with a prompt prior to any email being sent, reminding employees to double check and confirm the addressee and what has been attached. Parameters can also be set to add certain domains to an allow list, or the solution can be deployed on a department or user basis. For example, financial data is highly sensitive, so may require confirmation for all emails, but another department may only need checks on external emails. 

Certain keywords can also be defined, so when those keywords are identified within an email – an unreleased new product name, for example – an additional confirmation is prompted before the email is sent, allowing for that all important double check that the right person is being sent the right information. 

Technology provides a vital piece of the cyber security puzzle through high quality layered protection that covers email security, web and end-point protection. As the threat landscape is arguably evolving at a faster rate than ever before, coupled with the workplace shifting to a new normal – these tools have never been more critical.

Focusing on the user is also key, educating them and empowering them to take some responsibility for data security, supported by innovative software – not just relying on the IT department. Those that adopt such an approach will be far more successful than those that rely on technology in isolation. 

The race to normality

In the rush to keep ‘business as usual’ during such uncertain times, businesses may have inadvertently made their security infrastructure vulnerable to data breach – be that from external threats or accidental insider data leakage. As we slowly make the transition from home working to moving back to the office, or transforming to a hybrid workforce, security needs to be reinforced yet again, with a combination of reminders, prompts and continuous training. 

Employees are a vital tool in a business’ arsenal, so they must be regularly trained and reminded about how they can stay one step ahead of cyber threats. But it’s human nature to make mistakes and as such, employees must be appropriately supported with intuitive technology that can spot anomalies, errors and factors that fall outside of set parameters to highlight where potential threats, scams and faults are about to take place.

Hacking

GUEST BLOG: Combatting the threat of accidental insider data leakage

960 640 Guest Blog

By Andrea Babbs, UK General Manager, VIPRE SafeSend

Cybercrime has rapidly become the world’s fastest growing form of criminal activity, and is showing no sign of slowing down with the number of attacks on businesses rising by more than 50% in the last year alone.

While most corporates have made significant efforts to invest in cybersecurity defences to protect their organisations from the outside threat of cybercrime, few have addressed the risk of breaches that stem from the inside in the same way. Insider threats can come from accidental error, such as an employee mistakenly sending a sensitive document to the wrong contact, or from negligence such as an employee downloading unauthorised software that results in a virus spreading through the company’s systems. 

We’re all guilty of accidentally hitting send on an email to the wrong person, or attaching the wrong document; but current levels of complacency around email security culture are becoming an ever greater threat. Few organisations have a clear strategy for helping their employees understand how a simple error can put the company at significant risk; even fewer have a strategy for mitigating that risk and protecting their staff from becoming an inside threat. 

So where does the responsibility lie to ensure that company data is kept secure and confidential? 

According to reports, 34% of all breaches are caused by insider fault, yet many employees are unaware of their responsibility when it comes to data protection. With employee carelessness and complacency the leading causes of data breaches – understandable when human error is inevitable in pressured working environments – there is clearly a lack of awareness and training. And while there is an obvious and urgent need for better employee education, should IT leaders not be doing more to provide the tools that take the risk of making accidental mistakes out of employees’ hands?

With simple technology in place that provides an essential double check for employees – with parameters determined by corporate security protocols – before they send sensitive information via email, accidental data loss can be minimised and an improved and proactive email securityculture achieved. In addition to checking the validity of outbound and inbound email addresses and attachments – thereby also minimising the risk of staff falling foul of a phishing attack – the technology can also be used to check for keywords and data strings in the body of the email, to identify confidential or sensitive data before the user clicks send.

In order for organisations to limit the number of insider data breaches, it’s crucial for employees to understand the role they play in keeping the company’s data secure. But in addition to supporting employees with training, deploying an essential tool that prompts for a second check and warns when a mistake is about to be made, organisations can mitigate the risk of accidental error, and the potentially devastating consequences that might have on the business. 

Email is arguably the key productivity tool in most working environments today; placing the full burden of responsibility for the security of that tool on employees is both an unnecessary overhead and, increasingly, a security risk. In contrast, supporting staff with a simple, extra prompt for them to double check they aren’t mistakenly sharing confidential data raises awareness, understanding and provides that essential security lock-step – before it’s too late.