Why Companies Need Additional Online Security And How To Shore Up Their Protective Measures
Now more than ever, the pressure is on for business leaders across industries to adopt greater cybersecurity frameworks and technology. Yet despite the risks, it is estimated that more than half of businesses remain unprepared for an attack, and those that have adopted some form of cybersecurity technology or policy may still not have an appropriate framework in place to manage the risk inherent in a higher level of virtual connectivity and mobility in the modern workplace.
But in my experience, no organization is immune. The threat of loss from malware attacks, hacking and data theft is a real concern for public and private enterprises, on both a large and small scale. Experts recently estimated that the total cost of cybercrime to the global economy in 2016 was over $450 billion.
But despite the evidence that cybersecurity threats pose a tremendous risk, many organizations do not yet have an effective online cybersecurity strategy in place. Well-meaning attempts at risk management often include incomplete strategies, such as:
• Attempts to train employees to avoid phishing scams and malware.
• Implementing official policies to manage the risk of employee mobile device use and imposed restrictions that limit access to internal data.
• Installation of anti-virus software, firewalls and other defensive technologies.
• Safety net data backup and storage as a just-in-case recovery measure.
These are all useful security measures, but organizational leadership must recognize that traditional strategies are no longer enough to manage the risk because we live and work in an increasingly virtual, interconnected information space. We share and store information through fluid wireless networks — often outside of a traditional office.
How Virtual Offices Will Evolve To Require Increased Online Security
To counter the risk, organizations must adopt advanced online security measures. We can see the evidence of the increasingly virtual nature of our offices and why that would be necessary, in the following four examples:
1. The virtual office: Even when we work in a traditional brick-and-mortar environment, our offices are built on virtual technology to share and store information. For example, many offices use Dropbox to share and store files. Or, consider how frequently people use email, rather than drop by someone’s desk, to ask questions and provide updates. To manage projects, we use Salesforce or Google calendar to share invitations.
2. Migration to the cloud: Many companies are migrating data and assets to both the public and private clouds. By definition, use of the cloud requires online security measures to ensure the privacy and security of company assets and private consumer information.
3. The need for agility: To meet an increased need for security in online access, new policies are being set to determine employees’ access levels to data in order to ensure security and protection against malware attacks. Companies are moving beyond firewalls to adopt inclusive unified threat management (UTM) products in an attempt to detect system intruders, viruses, spam and other security threats. But, as enterprise becomes agile to stay competitive, locking down employees and restricting access internally is not a complete long-term solution.
4. Increasing mobility: As the office becomes more virtual, professionals are already less tethered and more mobile. Companies are searching for protective measures for employees using their own mobile devices for work and accessing company assets and information in coffee shops, airports and through other public access points while on the move.
The following best practices may be used to provide stronger protections and enhance existing strategies for cybersecurity.
Best Practices For Cybersecurity In An Era Of Virtual Workspaces
• All business, including small and mid-sized enterprises, should maintain an IT professional on staff. For smaller organizations with a tighter budget, leadership should consider bringing in an IT consultant to access the initial network setup or review the company network and company policies for any vulnerabilities.
• A virtual private network (VPN) may be used to access data wirelessly with increased security. A VPN acts as a guard for privacy and increases security by masking access points and creating private tunnels or wires to send and receive information online.
• Use enhanced security with cloud-based storage to ensure that data is protected.
• Create a strong password policy for remote workers to access organizational data.
• Require all remote employees to use only secure web mail programs that encrypt messages before they are sent.
• Review and set effective policies for use of mobile devices. Viruses and malware pose a threat to business, and the installation of protective software is not enough to counter the threat. Remote workers typically do not update their malware programs which provides a weak link into the corporate network. Hackers take advantage of this and will target the remote machine rather than the business network for this reason.
As employees become more mobile, these best practices will become even more important to adopt to protect company assets — no matter the size of the organization. Although most large organizations already have IT staff in place to deal with systems issues and security, all business leaders should review policies and make sure efforts are updated regularly. I recommend that all organizations set a timeframe for IT staff to perform network reviews to monitor for vulnerabilities. If your team isn't already using secure, cloud-based storage to segregate employee accessible data and applications from critical on-premise data, that update is a good place for your team to start.
What can business leaders and decision makers do if hiring an IT professional remains inaccessible? Self-education is paramount. There is a wealth of free information on the internet. Other great first steps are to get involved in social networking and local organizations to exchange ideas and gain valuable service references, as well. I recommend contacting the local chamber of commerce. There are many conventions, seminars and classes available where business owners can learn about all latest network security options.
As industry continues to move forward, industry-wide adoption of improved online security will become a driving force for organizations that want to stay competitive.