Phishing is the fraudulent use of electronic communications to try and obtain sensitive information, such as usernames, passwords and credit card details by posing as a legitimate institution. Phishing attacks attempt to get individuals to click on a malicious link and enter confidential information to steal their identity, funds or to be the first step in a serious cyberattack against an organisation.
All organisations store data, and regardless of whether it's a recipe or an algorithm, this data is an organisation's most prized asset, which is why hackers make it their target. The Cyber Security Breaches Survey 2019 from the Department for Digital, Culture, Media & Sport (DCMS) found that 32% of businesses identified cyber security breaches or attacks in the last 12 months, which have cost an average of £4,180 in lost data and assets
Organisations generate millions of system logs every day from the likes of servers, firewalls and network devices. Their ability to process, analyse and react to this information affects how they will manage any security risks and incidents. To help process this data, many organisations implement a Security Incident and Event Management (SIEM) system or outsource to a Cyber Security Operations Centre (CSOC) for their monitoring, which provides a real-time analysis of security alerts.
Cybercriminals are only getting more cunning and skilful with their cyber attacks, which is bad news for organisations when it comes to meeting privacy and compliance regulations. There can be significant legal implications for organisations if their data is not secure and regulations are not met. For instance, since the GDPR (General Data Protection Regulation) came into effect in May 2018, data protection regulators have imposed 114 million euros (approximately 97 million pound) worth of fines under the GDPR regime (GDPR Data Breach Survey 2020 by DLA Piper).
With cyber breaches growing in volume and frequency (Carbon Black reported that 88% of UK organisations suffered a breach in 2018) you can guarantee that your organisation will be targeted by cybercriminals at some point.
The short answer is yes - thousands of businesses are grappling with DX, however most do not consider themselves to be completely 'transformed' yet. Many of the largest Pharma organisations have launched initiatives and created entire departments focused on innovation, and are well on their way to operating in the same way an organisation which has completed its DX journey so far, is.
Cyber professionals say that companies involved in the manufacturing industry are more exposed to cyber-attacks. This was revealed by a number of studies produced by the Manufacturers Alliance for Productivity and Innovation (MAPI). According to MAPI; 40% of manufacturing firms experienced a cyber-attack within the last year. Of those attacked, 38% of them suffered over $1 million in damages.
Now more than ever, digital security is a team effort, with staff at all levels of an organisation having an active part to play in keeping critical business data safe. With the outbreak of COVID-19, and an unprecedented volume of staff working from home, robust security policies and systems are no longer enough - each and every member of staff must consider security as a fundamental part of their developing remote working routines.
But what can each of us personally do to ensure our organisations maintain their usual standards of security for the duration of this crisis, without letting such measures detract from our day-to-day work? Here are a few starting points…
Be prepared
If you're new to remote working, don't go in blind. Take the time to re-familiarise yourself with your company's security policies (particularly any new ones for home workers) and be sure to attend any training sessions that are on offer (as many organisations are rolling out remote training sessions for home workers, there are no excuses!). This will make the transition far smoother and allow you to stay focused on your work.
Secure your router
At Exponential-e, we always say that 'your Cloud is only as good as your network'. In the same way, your remote working solution is only as good as your router. As above, make sure its password is secure (especially if you've never changed its pre-set password!) and take any recommended security measures, both from your network provider and your IT team.
Check your passwords
This is a familiar refrain in the world of data security, but it always bears repeating. Familiarise yourself with current best practice regarding password creation (there are plenty of useful resources available online for this) and avoid reusing passwords. While memorising multiple passwords for each platform you use for work is certainly inconvenient, there are many excellent password manager tools available. Ask your IT team which one they would recommend, as your company may already require employees to use a specific one.
Enable updates
We all know how irritating requests to install updates on our personal devices can be, but in our current climate, it's more important than ever. More than just keeping your own devices secure, a single instance of malware could bring down your entire company network, so don't take any chances. Ensure you install all recommended updates, or – better yet – enable automatic updates. This will ensure your devices are always protected against the latest security threats.
Ask!
As we've already mentioned several times in this post, if you are unsure about anything when it comes to data security, don't guess… ask the right person! In particular, your IT team will be more than happy to advise you about security best practice when home working, or alternatively, consider Exponential-e's Cyber Security Advisory service, which was created to provide a 'one stop shop' for any security-related concerns you may have.
In the meantime, download our Working from Home Checklist, which breaks down all the key elements of secure remote working.
In recent weeks, companies across the UK have found themselves transitioning to a remote workforce with little to no choice, despite the approach previously being treated as solely for limited or specific circumstances. There's no doubt that the rapid implementation of a whole new way of working presents considerable challenges, but as the Exponential-e teams who've partnered with organisations across a range of sectors to do so have demonstrated, it is very much achievable, provided you start with the right solutions in place.
In particular, consider the following…
A secure VPN
Virtual Private Networks have long been the benchmark solution for remote working, but with the spread of COVID-19, we are seeing companies moving from maintaining a few VPN licenses for specific instances to deploying them for their whole workforce. However, there's a good reason for this – if implemented correctly, it maximises security by encrypting all data you send through your company network. While you may require a cloud-based solution for specific applications, a quality VPN is an intelligent foundation for your day-to-day work.
A password manager
It's no secret that reusing passwords across different platforms presents a great risk of cyber criminals accessing corporate systems through guesswork. Nonetheless, it's still tempting for employees to do so due to the difficulty in keeping track of large numbers of unique passwords, especially when they need to be regularly updated, in line with internal security protocols. Fortunately, a password manager tool which integrates with your web browser makes it easy to keep your passwords secure, while still ensuring they are available when you need them. Ask your IT team if they recommend a specific one.
Automated backups
External backups are a key part of any effective business continuity and disaster recovery strategy, which should still be the case when you're working from home rather than the office. Your company is likely to have a system in place for this, particularly if you have already adopted a cloud-based strategy, so ensure you follow all guidelines when you begin remote working.
The right WFH solution
One of the biggest obstacles to remote working in the past has been the need to maintain continuity with existing business processes and systems, ensuring work can be conducted as normal, without compromising either security or efficiency. Fortunately, there are several ways of doing this, but it's important to be conscious of security when using such solutions, and always use the one recommended by your IT team. A proven, trusted platform like Exponential-e's Working from Home solution is ideal, allowing teams to continue using your company's preferred tools as normal, regardless of where they are logging on from. This will ensure a smooth transition to remote working for the entire workforce.
Two-factor or multi-factor authentication
Related to the above, two-factor or multi-factor authentication provides an extra level of peace of mind, by creating an extra obstacle for cyber criminals, even if one of your passwords is compromised. As password theft measures have become increasingly sophisticated over the years, this is no longer a 'nice to have' measure - it should be a standard part of your remote working systems and wider security policies.
Effective anti-virus protection
Viruses continue to evolve on a near-daily basis, and which means a robust anti-virus solution should still be your first line of defence and may even give you time to secure your infrastructure in the event of a password being compromised. Make sure an industry-standard solution is installed on all your devices and enable automatic updates.
Organisations around the world are moving closer and closer to establishing a new standard of best practice for remote working, with new tools and processes revealing themselves in response to the current pandemic. well for the future and our 'new normal', it's important that we treat our new home working environments with the same level of diligence we do our offices. If remote workers at all levels ensure the usual standards of security are maintained at all times, we will be able to focus on the range of ways home working can potentially act as a springboard for future growth.
Here are a few key points to bear in mind…
Always be suspicious of links
Cyber-crime is constantly evolving and shows no signs of slowing down during our current pandemic, which means we must all stay vigilant and exercise caution before clicking on any links we receive. Even if a link is from a legitimate-looking email address, check before clicking on it, as you can hover over it with your cursor to view the URL. If you have any concerns, alert your security team. In particular, watch out for 'working from home' scams, where fake websites offer 'home testing' kits or – in certain cases – cures for COVID-19. Avoid these at all costs, in order to keep both your personal bank account and your organisation's network secure.
Stay smart when sharing documents
When connecting to your company network from home, it's important that you ensure all the same security measures that would be utilised in the office are still in place, with all communications properly encrypted. Your IT team should always have an established set of procedures and tools for securely sharing documents – especially those that contain sensitive data – so be sure to revise this if you haven't already and avoid using any third-party platforms for this purpose.
Lock your device!
Most professionals are already familiar with best practice whenever it comes to leaving devices unattended in the workplace, and in our current lockdown, it's unlikely any of us will accidentally leave work devices on public transport. But it's' essential that we do not let those practices slip while we're working from home. We've all heard funny stories in the news about when children get access to their parents' phones, but when our devices are connected to our business networks, it's important that they're 100% inaccessible to everyone except us. Even something as simple as a family member clicking on an unsecure website could lead to a costly security breach.
The Department for Digital, Culture, Media and Sport found that only 32% of charities have performed a cyber-risk assessment in the last 12 months (The Cyber Security Breaches Survey 2019), meaning there are a significant number of charities that could potentially not understand all of their vulnerabilities. The cyber landscape is constantly evolving, and it is vital that all charities are aware of their risks and vulnerabilities so that the appropriate control measures can be put in place to protect them. Throughout my years of experience, I have found that if an organisation does not fully understand its risks, money is often wasted, and controls may not be as effective as they need to be.
At Exponential-e, most of our customers have set up VPN connections for their remote workers or virtual desktops for employees that aren't provided with laptops. However, there is still the potential risk for an uncontrolled, infected endpoint to unknowingly distribute malware into an organisation and consequently, take down all systems. Several organisations have been affected by ransomware attacks recently, which have all originated from a malicious phishing email. In order to reduce the success rate of phishing attacks, all users need to be educated to be able to identify a phishing email, and to know how to react effectively in order to stop them, see my Top Tips for Working From Home video for more information.
Increasingly, charities are reliant on online services – donation platforms and login pages – and consequently, many charities are falling victim to cyberattacks. Smaller charities are often more vulnerable, since they have less awareness of cyber security as a whole and are naïve to the risks they may face from a cyberattack. The National Cyber Security Centres' (NCSC) 'Cyber Threat Assessment: UK Charity Sector', identified that the most common vector for cyberattacks against charities were phishing emails; fraudulent emails, containing links to fraudulent websites. These impersonation attacks are dangerous, and often lead to malicious software making their way into IT systems. If a charity loses access to their online services, it could result in an existential threat to their survival – from the ensuing reputational damage and the prevention of service delivery.
Being one of the founding members and a current board member of The Cyber Helpline, a free, confidential helpline for individuals who have fallen victim to cyber crime. I use my expertise to help individuals contain, recover and learn from cyber attacks. The Cyber Helpline was designed and developed in the cloud, and we have continuously made sure that the infrastructure is always protected and tested each month. The founding members of The Cyber Helpline have come from the cyber security industry, subsequently we have been able to ensure that the security by design was in place from day one.
This service uses chat-bot technology, which was developed to help triage any incidents. When we first started out, we were worried that we might not have adequate resources to cope with the quantity of incidents occurring, so the use of this technology helped in addressing this risk. Our chat-bot can ask relevant questions, to help us identify what the incident is in relation to, and which classification it falls into, so that we can react accordingly. If an incident could cause harm to an individual, it is quickly escalated through to a volunteer or manager, to ensure it is handled appropriately. In other cases, when the incident can be resolved through following a set of step-by-step instructions, we provide the individuals with an appropriate guide, so that they are able to help themselves. Our volunteers use their own systems to access the cloud environment, but we train them thoroughly as part of the on-boarding process. Additionally, all our volunteers have anti malware solutions in place, to protect their systems, and are able to accurately identify phishing emails.
There are still many charities that are not able to employ a Chief Information Security Officer (CISO) and have yet to act and seek external help to mitigate the risks posed by cyberattacks. Even for those who have received external help with their cyber security, it is still crucial for them to stay on top of the evolving threat landscape. Accepting advice and guidance is important in preventing the damaging effects of cybercrime.
At Exponential-e, we welcome the opportunity to help any charity needing assistance with cyber security questions or solutions. Our Cyber Security team exists to support and educate our customers, especially those who are in the vulnerable position of knowing that cyber security is a threat, but are less aware of the solutions required to protect their organisations against it. We are consistently on hand when required, to supply knowledge and give support to our customers, all whilst maintaining and renewing our own knowledge base, to remain up-to-date with current threats in the industry and how best to mitigate against them. We abide by integrity, reliability and perseverance, in order to provide the best cyber security solutions for our customers' individual requirements.
We are currently hosting a series of webinars around different areas of cyber security, click here for more details.
Passwords are often more associated with individual and consumer cyber security, but they are an essential part of an organisation's overall security posture. For example, you wouldn't leave the windows open overnight as this would allow easy access into the building for thieves. In the same way, a weak password offers cyber attackers easy access to your corporate infrastructure, after which they can use these credentials to escalate permissions until they granted themselves administration privileges, at which point the risk of financial and reputational damage becomes truly serious!
Global broadcasts place incredible demands on infrastructure, which must offer the performance and resilience required to accommodate the anticipated spikes in viewership. Exponential-e has worked closely with a number of world leaders across the broadcasting and media sector, providing fully integrated solutions that ensure their connectivity is of the very highest quality, freeing their own teams to focus on the broadcast itself, safe in the knowledge that they can completely depend on their technological foundation, no matter how many viewers around the world tune in.
Over the course of the past year, the contact centre has been changed forever, with social distancing requirements meaning that familiar methods of face-to-face contact are now unavailable. In light of these shifts, social media, video and email contact are now regularly utilised as the primary channels for customer queries – a trend that we have seen on the rise for some years now. Between March and November 2020, we saw a significant update in the use of online channels, with 54% of organisations reporting an increase in email contact, 52% reporting an increase in social media, and 65% reporting an increase in the use of web chat.
The finance sector is required to have one of the most sophisticated cyber security postures in the world, with bureaus, banks, finance companies and insurers working closely with their technology partners to ensure sensitive financial data is managed, stored and transferred, with a stringent range of international security standards that must be adhered to at all times. However, cyber criminals have demonstrated repeatedly that they are constantly working to breach even the most sophisticated security ecosystems, devising new ways to exploit both technological vulnerabilities and human error.
Microsoft Teams has been in the ascension for some time now, rising exponentially in popularity throughout 2020, to the point it is now the default internal communications tool for many organisations, with the distributed workforce utilising it to effectively collaborate with colleagues on a day-to-day basis.
