Cyber-attacks have seen a sharp increase this year due to the pandemic and the requirement for home working.
According to cybersecurity company Darktrace, malicious emails targeting home workers increased from twelve percent before the first UK lockdown to sixty percent just six weeks later. Such attacks often aren’t sophisticated, but we’ve seen a rise in more complex breaches, too. 18% of organisations reported a ransomware attack this year, and organised crime gangs are thought to have been responsible for fifty five percent of all attacks.
Regardless of the state of the economy, it is obvious that attacks will continue to rise and evolve in the next year and beyond. Despite many businesses implementing new security solutions, they must also step up to the threat when it comes to internal policies and training.
Here are five activities that businesses looking to become data-centric should consider in 2021:
Get training and get certified
Organisations should strongly consider attending virtual training and ask for guidance when it comes to certifications with leading security vendors.
Hold regular company-wide training to refresh knowledge. Having a knowledgeable workforce creates a “human firewall”, an extra obstacle for an attacker to be able to breach your company data.
Register with a regulatory body
If you operate in the legal and financial sector, you should be especially wary of data breaches to protect your data. The UK Data Protection Act requires any organisation that processes personal information and isn’t exempt to register with the ICO.
Use cybersecurity policies
Regardless of your status with the ICO, it’s a good idea to set up internal policies regarding the handling of data.
Information deemed confidential, for example, shouldn’t be shared outside of your company or even specific departments. There may also be restrictions in other areas, such as the devices from which the information can be accessed.
Consider penetration testing
Having an ethical hacker test your defences can be invaluable. A penetration test of your business will help get a picture of your infrastructure to identify any potential weaknesses.
As well as outside threats, a penetration test can help you determine the risks associated with a rogue employee who has internal network access.
Layer your security
Come to terms with the fact that a single security solution often isn’t enough. It’s good to build a matrix of core and add-on services and solutions that protect different areas of the business.
Email is one area where organisations can see major benefits in layered solutions. With 92% of malware starting in the inbox, it’s vital that this threat avenue is heavily barriered.