No one could have imagined the changes we experienced in the last 30 months and the impact they would have on our personal and professional lives as well as our increased reliance on information technology.
Cyberspace has moved from being an enabler for business and work to becoming a key weapon in an actual armed conflict between Russia and Ukraine. One of the actions taken is the interruption of Russia's access to the international payment system, affecting the ability of Russia to participate in the world economy.
All these changes have had a significant impact on the cyber threats faced by us as individuals, our employers, and our clients whilst we were not given time to acclimatize.
Unfortunately, the human factor is still the key contributor to failures and cyber security incidents. Employees and third parties with access to our systems can cause significant interruptions to business processes as well as the disclosure of sensitive information or other events.
CPD Campus recently gave me the opportunity to share some of my experiences in cyber security and what we can do to safeguard ourselves, our employers and customers from attacks.
Awareness and training are still the number one tool available to decrease the overall risks associated with cyber security.
I think it is critical that we re-visit 3 key takeaways from the event:
1. “Bring your own device” policies and procedures:
Employees are often allowed to use their own devices such as cellular phones, tablets and other devices. The biggest problem with this is that the security of the device is in the hands of the employee and there are typically no controls over the data or information on it when the employee resigns.
These devices can also create a significant weakness in your corporate network as they are allowed inside the soft belly of your Information Technology stronghold and several different types of attacks can be launched from them, rendering your exterior perimeter
2. “Out of the office” security:
Cabin fever is one of the key psychological threats we face when working from home. Although working from a restaurant, a park or a similar place seems glamorous, it elevates the cyber security risk you face due to theft, negligence or crime.
Losing a USB drive, printed documentation or having your laptop stolen can all have a significant impact on you, your employer or your client. The typical threats you will be facing also include:
- Interception of communication through unsecured WiFi capability.
- Unintended disclosure of information on the screen when people walk past.
- Video cameras recording the passwords you are entering on the systems.
- Eavesdropping by passers-by.
This may seem unlikely, but with the new video quality and technology, it is possible to intercept your email address and password. This can result in your emails being accessed with an unauthorized device.
If you want to get out of the house, rather pack a picnic basket to unwind than take your troubles with you.
3. End-user security:
The laptop, cellphone or other device you use poses the biggest entry threat into the network. The information on these devices can be used to avoid perimeter security and other protection measures that have been implemented.
Some of the security features we dealt with include:
- The use of anti-virus / anti-malware software
- The use of personal firewalls
- The encryption of hard drives and other devices
- The impact on your risk posture when using USB drives and similar assets to back up your information
- The importance of incident management and reporting
- Responsible and fair use principles
This is only a small part of the areas covered. You are more than welcome to access the recording to help you in your efforts to secure yourself, your company and your clients.
In closing, I want to leave you with a few takeaways which may significantly improve your chances of success in your program to deploy cyber security.
- The involvement, buy-in and support from senior management and directors are critical. Without this, you will be continuously competing for budget against projects with a higher perceived ROI.
- Without adequate resources, the project will probably be delayed or fail to meet the needs and requirements you identified.
- The implementation of cyber security measures is a journey, not a destination. Celebrate the wins along the way and make sure you continuously deliver.
- Register quick wins by going after the low-hanging fruit first and keeping the complex tasks on schedule.
- Communication, awareness campaigns and training are your friends. These are your biggest weapons for success.
With fines and imprisonment being the penalty for the disclosure of Personally Identifiable Information, cyber security is no longer a “nice to have” or a problem only for the IT Department, but one for every one of us.