When it comes to cyberattacks, it’s not enough to have the best technology. HR needs to take an active hand in staff training.
Australia is recognised as being one of the most technologically advanced countries in its region, with an increasingly mobile workforce helping to foster a more agile and productive business landscape.
However, alongside these innovations comes a rising number of cyberattacks – for example, the recent spate of ransomware breaches, from WannaCry to NotPetya, which hit corporations like Qantas. Research suggests that businesses operating in Australia are nine times more vulnerable to cyberattacks than those in other Asian economies, and there was a 109 per cent increase in the number of detected security incidents in Australia in 2016 compared to the previous year, according to a PwC survey.
So it’s no surprise organisations in Australia are investing in more robust infrastructure to protect their data, assets and reputation, from advanced machine learning and artificial intelligence to cloud-based monitoring and analysis technologies. Yet the effectiveness of these solutions is increasingly dependent on one often overlooked business resource – employees.
With the rise in BYOD and flexible working, employees are often the biggest threat to safeguarding a company’s data. Staff negligence and indifference to IT policy are among the most significant inhibitors to cloud security. Further, there is a clear lack of understanding.
According to this survey, almost two-thirds of companies cite employees’ “lack of cyber security knowledge” as the biggest inside threat, and only one in ten Asia Pacific companies fully understands how cyberattacks are performed.
In recent research undertaken by The Ponemon Institute for Citrix, “The Need for a New IT Security Architecture: Global Study”, over half (60 per cent) of respondents stated that employees and third parties bypass security policies and technologies because they are too complex.
If individual employees are not fully aware of how breaches occur and do not take steps to protect IP – such as monitoring issues and alerting managers when they arise – the door is left open for cyberattacks. After all, it takes only one unpatched computer for an attacker to gain access to a network, and the attack can then spread to other systems like wildfire.
Here are some tips for securing your frontline:
1. Embedding security into everyday operations
Security needs to be embedded into the day-to-day running of the business to ensure it becomes ingrained in core business processes. It’s like a ‘human firewall’, where employees become integral to the security solutions rather than walking vulnerabilities.
Security policies should be developed collaboratively across the company from the top to the bottom, with input from as many stakeholders as possible playing an equal part. Regular training is also best approached on a collective basis and should be more than one standard session per year.
2. Adopting a hearts and minds approach
Taking it a step further, smart organisations should take an even more active role in engaging and uniting employees against breaches. Creating a culture of security advocates who are well informed and feel compelled to help protect the intellectual property of their employer is vital to long-term protection.
This can be enabled and promoted in various ways, including the use of fake phishing attempts or mock breaches to develop the security awareness of employees, and their ability to recognise potential attacks.
These mock attacks are a highly effective tool, first as a test bed to gauge your organisation’s level of vulnerability, and second as an interactive way of educating employees on best practice and safe behaviours, and of motivating team members.
3. Securing data from the bottom up
Any approach must be underpinned by the appropriate technology infrastructure to support and protect a modern, collaborative and mobile workforce, while ensuring data is safe.
When surveyed, 44 per cent of respondents from Australia stated that visibility into all business-critical applications and systems was critical for a successful security framework. Core pillars should include: identity and access, network security, app security, data security, and monitoring and response.
Any technology deployed to support your business’ security needs should provide you with a view across the organisation, the network, apps, data and down to an employee level to help ensure critical assets are secured to suit the demands of the modern workforce. Employees can then work productively from anywhere, without security being compromised.
With the ongoing spotlight on cyber security and threats constantly evolving, coupled with an increasingly mobile workforce, it’s clear that robust infrastructure is only fully effective when supported by proactive, educated and breach-savvy staff.
Les Williamson is area vice president, sales and services, Citrix A/NZ