A Barracuda Networks survey discovered that 46% of organisations across the UK, US, France and Germany have suffered at least one “cybersecurity scare” since the coronavirus lockdown began.
This is due to lockdowns forcing companies into remote working, meaning that employees are now working from laptops via their home broadband connections.
We spoke with Sunita Varsani, HR Director of Fifosys, an outsourced IT provider based in London that helps businesses protect themselves from cyber threats.
According to her, the challenge is threefold.
Firstly, many organisations weren’t ready for lockdown and hadn’t installed the necessary cyber-security software onto the new work-from-home laptops. In fact, many still haven’t.
Some employees are actually using their own personal laptop for work, a device over which the employer, understandably, has little control. This laptop may be used for a whole host of things that render it vulnerable to compromise, such as illegally downloading movies/music or watching illegal sports streams.
Employees are doing almost all of their work and communication online from their home broadband connection. So, not only has the amount of sensitive data being communicated via email, Slack, Zoom and others increased, but it is all travelling over a potentially less secure connection, one that may be shared by housemates or a spouse, further extending the bubble of vulnerability.
Given that remote working on this scale is novel for most, businesses hadn’t prepared the necessary training for staff on how to protect their devices from attack. According to Barracuda Networks’ survey, 51% of organisations have recorded an increase in phishing attacks since the lockdown began, which makes this lack of training especially high-risk.
Cyber Security has typically been an IT issue, so why is the above of interest to HR professionals?
Cyber Security is a collective responsibility. All employees must ensure that they are protecting the organisation’s data, and are not exposing their systems to cyber criminals. The role of HR is to ensure that the necessary policies, training, culture, behaviours and internal communication are in place to minimise vulnerabilities.
In 2014, a Morrisons employee maliciously leaked the confidential data of 10 000 staff as a form of retaliation after a disagreement with his employer. Ultimately, Morrisons were found liable for the actions of the guilty individual and are now embroiled in a compensation claim whilst also suffering from a loss of trust among their employees and unwanted PR.
How to get started:
- Develop policies
These should cover the acceptable use of devices and security measures. A general rule is that employees should only have as much access as they need to perform their job, and additional system access can be granted on request for a period of time. Once an employee leaves the organisation, all access should be revoked. This policy should be included within the new joiner onboarding pack and may be worth recirculating now given the spike in issues. Without robust policies it is very difficult to hold employees to account and ensure a consistent standard of conduct.
- Staff training
In partnership with IT, design mandatory training on cyber-security and data protection to raise awareness of threats, and ensure employees understand what they should and should not be doing. This training should be repeated from time to time to keep it front of mind and ensure all new joiners have access to the information.
- Communicate about it
Prevent cyber security from falling by the wayside by communicating its importance regularly. Liaise with IT to regularly update employees on new scams & threats, use real-life examples of attacks and remind employees of their responsibility to stick to the process and keep everybody’s data safe.
- Gain visibility
In addition to the necessary firewalls, etc., modern cyber security products also offer organisations visibility over which employees are failing to adhere to the company security policies. Heads of department can then be held accountable for the actions of their team, and trained on how to ensure standards are improved and repeated cases are managed accordingly.
Fifosys protect businesses, large and small, from cyber attacks and are available to discuss any of the matters covered here. The process kicks off with an audit of current protection and risks before providing guidance, product suggestions and training. If 2020 has taught us anything, it’s that prevention is better than cure! Enquire now to discuss how they can help keep you safe.
Fifosys run free monthly Cyber Security roundtable sessions. If you or your colleagues wish to be invited to future sessions please contact Mitesh at firstname.lastname@example.org