It goes without saying that technology has become an integral part of the workplace and the way we work. It is virtually unthinkable for us to go about our daily work without using a variety of apps and platforms, whether to interact with our peers, collaborate on projects, or get things done. However, while technology has its advantages in speeding up and enhancing processes and allowing people to work from anywhere and with any device, it also carries a significant security threat if managed poorly.
Security has long been a challenge for many businesses, especially those dealing with sensitive data. The recent COVID-19 pandemic has further accelerated the adoption of remote working policies. This has left many wondering how to introduce flexible working policies while ensuring security, now and after the pandemic.
In this blog post we will discuss the importance of digital workplace security, the common security threats facing businesses, and how to minimize them.
The importance of digital workplace security
The frequently asked questions we receive on our website or during demo sessions are often related to data protection and security, and hosting services. This shows the importance that businesses place on security, and where their data will be stored and handled.
Additionally, when first deploying a digital workplace, businesses often look to integrate it with legacy systems and third-party applications. This results from the growing willingness of employees to use their own devices and apps at work. According to an Intel study, 61% of Gen Y employees and 50% of employees over the age of 30 believe that the technology tools they use in their everyday lives are more effective than those provided by their employers’ IT departments. To counter the phenomenon known as “shadow IT” and to ensure the security of personal information and sensitive data, IT teams have progressively leaned towards holistic digital workplace solutions that can group a host of features and that are easily integrated and securely accessible through two-factor authentication and single sign-on.
The common security threats facing businesses
Whenever we think about cyber security, we often imagine Mr Robot in his hoodie trying to infiltrate systems and blackmail people. In a way it is accurate; hackers are probably among the biggest threats to businesses, regardless of their size or industry. A recent report by Positive Technologies found that cyber attacks targeting organisations are on the rise, with an increase of 19% between 2018 and 2019. The most targeted sectors were government organisations and healthcare and educational institutions, which were the recipients of 54% of all attacks.
By seeking weak passwords, sending phishing emails, and launching malware and social engineering attacks, hackers can identify weak links and take over entire networks. Although hackers continuously come up with new ideas and techniques to trick users and businesses, they are often helped by staff negligence (which accounts for 70% of data breaches), a lack of basic cybersecurity knowledge, and accidental web and internet exposure. Those are the findings in a report by the Identity Theft Resource Center (ITRC) that looked in great detail at the common causes of data breaches. It also found that some data breaches are caused by deliberate data theft by authorised personnel, companies using limited and insecure protocols, and poorly designed access control.
But how can we ensure that our systems are safe?
Best practices to minimise security threats
- Develop a cybersecurity policy
Having no cybersecurity policy in place may leave your business vulnerable to attack, whether external or internal. A cybersecurity policy is best defined as a set of procedures, measures, and resources put in place by a business to prevent and effectively respond to various threats. It can help employees to understand their roles and responsibilities in protecting and handling information, and to know which devices and apps they can use in their work.
First, the policy should outline the individuals and actions that may pose a threat to the business. They may range from hackers and vandals to employees who unintentionally or intentionally leak various types of data.
Second, a set of measures must be included, to control and manage access to the platform and critical resources. For example, regular users will enter their unique credentials in order to access a platform, but to enter as a system administrator or to access certain areas and files, they must request special access and permissions. Their passwords must be updated regularly and they must follow a set of best practices when doing so, such as avoiding the use of obvious terms from dictionaries, using special characters, and not using the same password for different accounts.
Employees must be given guidelines for authorised remote access. The guidelines need not be complex and must not require users to be technology experts. For example, public Wi-Fi should be avoided as people outside the business will have access to the network. This may give them a pathway to the PC and eventually to the company’s system. Encourage employees always to use their work computers, to update their passwords frequently, and to use VPN access.
- Continuous training
As mentioned above, hacking techniques are always evolving and businesses must be ready to counter any type of attack. However, IT teams are not in this alone. Employees have a key role to play in keeping their personal and company information out of the hands of attackers. Provide training to new hires, plus regular sessions for employees in various departments, to keep them updated on the latest threats and how to prevent and overcome them.
- Control access to information
A significant proportion of all attacks launched at company networks come from the inside. It is advisable to keep certain data accessible only to those who need it. To do that, system administrators have to manage permissions and restrict and control access. For example, detailed role-based permissions can be managed at different levels of a digital workplace: at the level of a page, at the level of a container block on a page, at the level of the apps inside a container, and at the level of individual content (articles, files, wiki pages, portal pages, web content, forums, etc). This enables adequate targeting of the user experience and ensures security by showing the user all the tools and information he/she needs, based on his/her role or groups (which can be departments, locations, etc).
- Be sure to update regularly
With enterprise software in general and digital workplace solutions in particular, updates are essential in enhancing security and protecting company data. With each release, developers try to find security flaws that can be exploited by hackers through malware. A failure to update systems regularly can make it easier for attackers to access and control your network and encrypt your data.
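The layered role-based permissions described under "Control access to information" can be sketched as follows. This is an added example, not code from the original post or from any product; the resource names, the groups, and the rule that a user must pass every enclosing level (page, container, app, content) are assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Node:
    """One resource in the hierarchy; level is page, container, app or content."""
    name: str
    level: str
    allowed: frozenset = frozenset()  # groups granted here; empty = inherit from parent
    parent: "Node | None" = None

def chain(node):
    """Return the path from the outermost ancestor down to the node."""
    path = []
    while node is not None:
        path.append(node)
        node = node.parent
    return path[::-1]

def can_view(user_groups, node):
    """Assumed rule: deny by default. The path must start at a page that names
    its groups, and the user must match every level that sets a restriction."""
    path = chain(node)
    if path[0].level != "page" or not path[0].allowed:
        return False
    return all(not n.allowed or bool(n.allowed & user_groups) for n in path)

def visible(user_groups, nodes):
    """Names of the resources a user is shown, in the order given."""
    return [n.name for n in nodes if can_view(user_groups, n)]

# Constructed sample hierarchy (hypothetical names and groups).
hr_page = Node("HR portal", "page", frozenset({"employees"}))
pay_block = Node("Payroll block", "container", frozenset({"hr", "finance"}), hr_page)
pay_app = Node("Payslip app", "app", parent=pay_block)  # inherits the block's rule
salary = Node("salary-review.xlsx", "content", frozenset({"hr-managers"}), pay_app)
news = Node("Benefits article", "content", parent=hr_page)
orphan = Node("Draft wiki page", "content")  # not attached to any page: denied
ALL = [hr_page, pay_block, pay_app, salary, news, orphan]

if __name__ == "__main__":
    for groups in ({"employees"}, {"employees", "hr"}, {"hr-managers"}):
        print(sorted(groups), "->", visible(groups, ALL))
```

Membership in a narrow group alone (here `hr-managers` without `employees`) grants nothing, because the page-level check fails first; auditing a model like this means checking every level on the path, not just the content item.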