With cyber breaches growing in volume and frequency (Carbon Black reported that 88% of UK organisations suffered a breach in 2018) you can guarantee that your organisation will be targeted by cybercriminals at some point.
Cyber professionals say that companies involved in the manufacturing industry are more exposed to cyber-attacks. This was revealed by a number of studies produced by the Manufacturers Alliance for Productivity and Innovation (MAPI). According to MAPI, 40% of manufacturing firms experienced a cyber-attack within the last year. Of those attacked, 38% suffered over $1 million in damages.
Now more than ever, digital security is a team effort, with staff at all levels of an organisation having an active part to play in keeping critical business data safe. With the outbreak of COVID-19, and an unprecedented volume of staff working from home, robust security policies and systems are no longer enough - each and every member of staff must consider security as a fundamental part of their developing remote working routines.
But what can each of us personally do to ensure our organisations maintain their usual standards of security for the duration of this crisis, without letting such measures detract from our day-to-day work? Here are a few starting points…
Be prepared
If you're new to remote working, don't go in blind. Take the time to re-familiarise yourself with your company's security policies (particularly any new ones for home workers) and be sure to attend any training sessions that are on offer (as many organisations are rolling out remote training sessions for home workers, there are no excuses!). This will make the transition far smoother and allow you to stay focused on your work.
Secure your router
At Exponential-e, we always say that 'your Cloud is only as good as your network'. In the same way, your remote working solution is only as good as your router. As above, make sure its password is secure (especially if you've never changed its pre-set password!) and take any recommended security measures, both from your network provider and your IT team.
Check your passwords
This is a familiar refrain in the world of data security, but it always bears repeating. Familiarise yourself with current best practice regarding password creation (there are plenty of useful resources available online for this) and avoid reusing passwords. While memorising multiple passwords for each platform you use for work is certainly inconvenient, there are many excellent password manager tools available. Ask your IT team which one they would recommend, as your company may already require employees to use a specific one.
Enable updates
We all know how irritating requests to install updates on our personal devices can be, but in our current climate, it's more important than ever. More than just keeping your own devices secure, a single instance of malware could bring down your entire company network, so don't take any chances. Ensure you install all recommended updates, or – better yet – enable automatic updates. This will ensure your devices are always protected against the latest security threats.
Ask!
As we've already mentioned several times in this post, if you are unsure about anything when it comes to data security, don't guess… ask the right person! In particular, your IT team will be more than happy to advise you about security best practice when home working, or alternatively, consider Exponential-e's Cyber Security Advisory service, which was created to provide a 'one stop shop' for any security-related concerns you may have.
In the meantime, download our Working from Home Checklist, which breaks down all the key elements of secure remote working.
In recent weeks, companies across the UK have found themselves transitioning to a remote workforce with little to no choice, despite the approach previously being treated as solely for limited or specific circumstances. There's no doubt that the rapid implementation of a whole new way of working presents considerable challenges, but as the Exponential-e teams who've partnered with organisations across a range of sectors to do so have demonstrated, it is very much achievable, provided you start with the right solutions in place.
In particular, consider the following…
A secure VPN
Virtual Private Networks have long been the benchmark solution for remote working, but with the spread of COVID-19, we are seeing companies moving from maintaining a few VPN licenses for specific instances to deploying them for their whole workforce. However, there's a good reason for this – if implemented correctly, it maximises security by encrypting all data you send through your company network. While you may require a cloud-based solution for specific applications, a quality VPN is an intelligent foundation for your day-to-day work.
A password manager
It's no secret that reusing passwords across different platforms presents a great risk of cyber criminals accessing corporate systems through guesswork. Nonetheless, it's still tempting for employees to do so due to the difficulty in keeping track of large numbers of unique passwords, especially when they need to be regularly updated, in line with internal security protocols. Fortunately, a password manager tool which integrates with your web browser makes it easy to keep your passwords secure, while still ensuring they are available when you need them. Ask your IT team if they recommend a specific one.
Automated backups
External backups are a key part of any effective business continuity and disaster recovery strategy, which should still be the case when you're working from home rather than the office. Your company is likely to have a system in place for this, particularly if you have already adopted a cloud-based strategy, so ensure you follow all guidelines when you begin remote working.
The right WFH solution
One of the biggest obstacles to remote working in the past has been the need to maintain continuity with existing business processes and systems, ensuring work can be conducted as normal, without compromising either security or efficiency. Fortunately, there are several ways of doing this, but it's important to be conscious of security when using such solutions, and always use the one recommended by your IT team. A proven, trusted platform like Exponential-e's Working from Home solution is ideal, allowing teams to continue using your company's preferred tools as normal, regardless of where they are logging on from. This will ensure a smooth transition to remote working for the entire workforce.
Two-factor or multi-factor authentication
Related to the above, two-factor or multi-factor authentication provides an extra level of peace of mind, by creating an extra obstacle for cyber criminals, even if one of your passwords is compromised. As password theft measures have become increasingly sophisticated over the years, this is no longer a 'nice to have' measure - it should be a standard part of your remote working systems and wider security policies.
Effective anti-virus protection
Viruses continue to evolve on a near-daily basis, which means a robust anti-virus solution should still be your first line of defence and may even give you time to secure your infrastructure in the event of a password being compromised. Make sure an industry-standard solution is installed on all your devices and enable automatic updates.
Bear in mind that the technology and processes are only part of an effective remote working system. Establishing best practice amongst staff at all levels, ensuring chosen solutions are able to evolve with your organisation, and having the right partners to support your ongoing growth are all equally important. To find out more about how remote working can become a powerful tool for future business growth, download our Working from Home Checklist, which sets out our experts' proven strategies for making this a reality.
Organisations around the world are moving closer and closer to establishing a new standard of best practice for remote working, with new tools and processes revealing themselves in response to the current pandemic. well for the future and our 'new normal', it's important that we treat our new home working environments with the same level of diligence we do our offices. If remote workers at all levels ensure the usual standards of security are maintained at all times, we will be able to focus on the range of ways home working can potentially act as a springboard for future growth.
Here are a few key points to bear in mind…
Always be suspicious of links
Cyber-crime is constantly evolving and shows no signs of slowing down during our current pandemic, which means we must all stay vigilant and exercise caution before clicking on any links we receive. Even if a link is from a legitimate-looking email address, check before clicking on it: you can hover over it with your cursor to view the URL. If you have any concerns, alert your security team. In particular, watch out for 'working from home' scams, where fake websites offer 'home testing' kits or – in certain cases – cures for COVID-19. Avoid these at all costs, in order to keep both your personal bank account and your organisation's network secure.
Stay smart when sharing documents
When connecting to your company network from home, it's important that you ensure all the same security measures that would be utilised in the office are still in place, with all communications properly encrypted. Your IT team should always have an established set of procedures and tools for securely sharing documents – especially those that contain sensitive data – so be sure to revise this if you haven't already and avoid using any third-party platforms for this purpose.
Lock your device!
Most professionals are already familiar with best practice whenever it comes to leaving devices unattended in the workplace, and in our current lockdown, it's unlikely any of us will accidentally leave work devices on public transport. But it's essential that we do not let those practices slip while we're working from home. We've all heard funny stories in the news about when children get access to their parents' phones, but when our devices are connected to our business networks, it's important that they're 100% inaccessible to everyone except us. Even something as simple as a family member clicking on an unsecure website could lead to a costly security breach.
The Department for Digital, Culture, Media and Sport found that only 32% of charities have performed a cyber-risk assessment in the last 12 months (The Cyber Security Breaches Survey 2019), meaning there are a significant number of charities that could potentially not understand all of their vulnerabilities. The cyber landscape is constantly evolving, and it is vital that all charities are aware of their risks and vulnerabilities so that the appropriate control measures can be put in place to protect them. Throughout my years of experience, I have found that if an organisation does not fully understand its risks, money is often wasted, and controls may not be as effective as they need to be.
At Exponential-e, most of our customers have set up VPN connections for their remote workers or virtual desktops for employees that aren't provided with laptops. However, there is still the potential risk for an uncontrolled, infected endpoint to unknowingly distribute malware into an organisation and consequently, take down all systems. Several organisations have been affected by ransomware attacks recently, which have all originated from a malicious phishing email. In order to reduce the success rate of phishing attacks, all users need to be educated to be able to identify a phishing email, and to know how to react effectively in order to stop them. See my Top Tips for Working From Home video for more information.
Increasingly, charities are reliant on online services – donation platforms and login pages – and consequently, many charities are falling victim to cyberattacks. Smaller charities are often more vulnerable, since they have less awareness of cyber security as a whole and are naïve to the risks they may face from a cyberattack. The National Cyber Security Centre's (NCSC) 'Cyber Threat Assessment: UK Charity Sector' identified that the most common vector for cyberattacks against charities was phishing emails: fraudulent emails containing links to fraudulent websites. These impersonation attacks are dangerous, and often lead to malicious software making its way into IT systems. If a charity loses access to its online services, it could result in an existential threat to its survival – from the ensuing reputational damage and the prevention of service delivery.
As one of the founding members and a current board member of The Cyber Helpline, a free, confidential helpline for individuals who have fallen victim to cyber crime, I use my expertise to help individuals contain, recover and learn from cyber attacks. The Cyber Helpline was designed and developed in the cloud, and we have continuously made sure that the infrastructure is always protected and tested each month. The founding members of The Cyber Helpline have come from the cyber security industry; subsequently, we have been able to ensure that security by design was in place from day one.
This service uses chat-bot technology, which was developed to help triage any incidents. When we first started out, we were worried that we might not have adequate resources to cope with the quantity of incidents occurring, so the use of this technology helped in addressing this risk. Our chat-bot can ask relevant questions, to help us identify what the incident is in relation to, and which classification it falls into, so that we can react accordingly. If an incident could cause harm to an individual, it is quickly escalated through to a volunteer or manager, to ensure it is handled appropriately. In other cases, when the incident can be resolved through following a set of step-by-step instructions, we provide the individuals with an appropriate guide, so that they are able to help themselves. Our volunteers use their own systems to access the cloud environment, but we train them thoroughly as part of the on-boarding process. Additionally, all our volunteers have anti malware solutions in place, to protect their systems, and are able to accurately identify phishing emails.
There are still many charities that are not able to employ a Chief Information Security Officer (CISO) and have yet to act and seek external help to mitigate the risks posed by cyberattacks. Even for those who have received external help with their cyber security, it is still crucial for them to stay on top of the evolving threat landscape. Accepting advice and guidance is important in preventing the damaging effects of cybercrime.
At Exponential-e, we welcome the opportunity to help any charity needing assistance with cyber security questions or solutions. Our Cyber Security team exists to support and educate our customers, especially those who are in the vulnerable position of knowing that cyber security is a threat, but are less aware of the solutions required to protect their organisations against it. We are consistently on hand when required, to supply knowledge and give support to our customers, all whilst maintaining and renewing our own knowledge base, to remain up-to-date with current threats in the industry and how best to mitigate against them. We abide by integrity, reliability and perseverance, in order to provide the best cyber security solutions for our customers' individual requirements.
We are currently hosting a series of webinars around different areas of cyber security.
The finance sector is required to have one of the most sophisticated cyber security postures in the world, with bureaus, banks, finance companies and insurers working closely with their technology partners to ensure sensitive financial data is managed, stored and transferred, with a stringent range of international security standards that must be adhered to at all times. However, cyber criminals have demonstrated repeatedly that they are constantly working to breach even the most sophisticated security ecosystems, devising new ways to exploit both technological vulnerabilities and human error.
With the flexible office model slowly but surely supplanting the traditional working environments in favour of dynamic co-working spaces for a number of years now, we have seen many organisations reconsider the way they think about commercial real estate.
The past year has challenged the UK's education sector in ways that would previously have been inconceivable, with children learning from home the majority of the time since March.
The past year of upheaval in the digital landscape has created a number of singular challenges for the Legal sector, in addition to firms' longstanding obligations around security and data governance.
By 2019, 1 to 2 million roles within cyber security will be unfulfilled. That's a figure that should strike fear into the heart of even the most stoic of business people. The threat of cyberattacks is growing quickly, and there aren't enough skilled people in place to control the wildfire.
This global cyber security skills crisis isn't exactly a new problem, though. Over the last 2 years, 40% of cyber security roles remained unfulfilled, despite an increase in job postings of over 74%. This is a problem, then, that's been smouldering in the background for a long time, and consequently now has the potential to create some serious destruction.
Although there is a growing understanding of how vital cyber security is, organisations still don't necessarily understand exactly how fundamental it is to the success of their companies. Just look at cyber security budgets, which usually account for only 25-30% of an organisation's total IT spend (according to the IDC).
With the number of attacks only growing, this is clearly not enough money. Every time a company gives an employee a take-home device, they're exposing themselves to a lot more than 25-30% of the total security threats!
Even if there were enough people applying for cyber security roles, the relatively meagre budget allocated to cyber security by most organisations still wouldn't be sufficient to hire all the cyber security professionals they need.
What with the lack of applicants and budget allocation, many companies are now choosing to outsource their cyber security teams. By the time we get to 2020, it's likely that most organisations won't have their own in-house cyber security skills.
For most companies, the best way to plug the cyber security skills gap is to call in organisations that offer an offsite security service. Even better, they can call in an organisation which provides the cyber security element on top of other useful offerings, like network and virtual data centre services (conveniently).
Going this route is making organisations' total IT spend more efficient.
This is because you don't have to invest in the infrastructure. By outsourcing, you can be flexible with the scope of the estate. You are also going to get better quality responses from analysts because they are keen to make sure you want to maintain the service.
These analysts add an extra dimension to the organisation – you don't have to hire them but they're there. To cut a long story short, if and when the big alarm goes off (and something goes wrong), there's always someone there to help fix it. An outsourced security team is probably going to give your organisation a lot more value than the 25-30% you're currently spending on your IT budgets – their expertise will really give you more bang for your buck.
And crucially, you can switch this service on and off as you wish. The job of a Cyber Security Operations Centre (CSOC) is to be there to protect what really matters - when it matters.
Anyone can buy the tools to offer a cybersecurity service. You can buy a firewall quite easily - just pop onto the internet and order one. But the value lies in knowing what the output means – and which next steps to take. Your recently purchased firewall isn't going to do you much good if you don't know what it's telling you. Therefore, most organisations need to bring in expert cyber security monitoring and advisement in order to get the best use out of their technology. And who wouldn't want to do a better job whilst saving money?
Cyber security is more complex now than ever before, and the implications of a cyber-attack can be much more disastrous. Organisations must consider not only the financial implications but the reputational damage that can arise following an attack. The proliferation of social platforms and the increasing needs of regulation mean that security breaches can be publicised across the globe within minutes. Whilst the cost of launching a cyber-attack has reduced over the last few years, the cost of defence has risen. This is because there's a greater variety of attack vectors – means by which an attacker can gain access to your network. The methods deployed are so vast, compared to previously, that it is increasingly difficult to build an effective defence against them. Highly sophisticated cyber-attacks are also using automation techniques to maximise their damage, to the extent where one piece of code can be used many thousands of times.
However, as with any technology that experiences a period of rapid growth, we are now moving beyond the initial emphasis on speed to market. As Unified Communications become an increasingly essential part of the virtual workplace, we must now establish exactly how this impacts users, how it meets compliance requirements, and how secure it is.
Our initial response to COVID-19, which focused on the rapid onboarding of UC solutions, has demonstrated that we should always be vigilant when implementing new systems. Technological developments to address immediate concerns are certainly essential, but users – both personal and professional – must be conscious of any security risks and ensure they follow best practice at all times, particularly with BYOD arrangements. For example, the importance of utilising strong passwords is already well-established, but its importance was highlighted once again by recent incidents where cracked passwords have been used to disrupt online meetings, taking advantage of platforms' lack of end-to-end encryption[2]. And whilst updates are regularly released for all platforms to rectify security issues as they are discovered, this doesn't eliminate the initial risk that is posed, which means users must take the time to educate themselves, with the support of their providers.
Data sovereignty is another serious concern, particularly in sectors like healthcare, legal and finance, which have strict requirements about how and where sensitive data is stored. Recent revelations that certain platforms routed user data through different countries to meet increasing demands for capacity[3] are putting organisations' security posture into sharp focus. Going forward, providers of UC solutions must offer their users complete confidence they are compliant with all local and international data protection regulations, such as the GDPR, which may mean maintaining data centres across multiple regions.
As organisations in both the private and public sectors become more conscious of the potential security risks surrounding UC solutions, we are sure to see the establishment of clear best practice amongst both providers and users. However, this will require close collaboration between all parties concerned if we are to take a proactive rather than reactive approach to the issue, ensuring robust security is inherent in the design of all UC solutions rather than offering fixes when a breach does occur.
The past few months have certainly been challenging for businesses all over the UK - from start-ups to established industry leaders. Organisations have found themselves adapting to the demands of a remote workforce virtually overnight, deploying communications solutions to enable their teams to engage with both each other and their customers. While it's true that this technology has been available for a while now, it has never been deployed at this scale before. This has presented a range of challenges when it comes to infrastructure, but these are only part of the picture.
Cloud adoption has been rising year by year for some time now, with Gartner predicting this trend to accelerate beyond 2020. It has long moved on from its earliest days, where it was largely regarded as an intriguing concept but unsuitable for enterprise-level applications. Now, with a wide range of options available - including Public, Private and Hybrid solutions - it has become a highly attractive prospect for organisations at all levels, especially against the backdrop of COVID-19 and the resulting advancement of remote working. While these trends are very much the latest stage in a long process of transformation, the pandemic has undoubtedly been the catalyst behind much recent Cloud adoption, as organisations accelerate their journeys towards a distributed workforce.
So, where does that leave us in terms of the biggest question: "Is Cloud right for my organisation?"
The move towards Hybrid Cloud infrastructures - with on-premise systems connected to Public and Private Clouds to maximise the benefits of each solution - has been in progress for a number of years now. Indeed, in 2019 it was reported that 69% of organisations were already utilising some form of Hybrid Cloud solution[1]. Since then, the move towards a distributed workforce in response to COVID-19 has accelerated this process, with 82% of organisations reporting that they have accelerated their Cloud adoption strategies as a result of the pandemic[2].
It's well-established that security is an essential part of all infrastructure. With data protection more of a concern for customers and end users than ever - particularly in light of regulations like the Cloud Act and GDPR - it's vital that organisations demonstrate a clear commitment to the security of their networks, Cloud applications and physical devices.