Since the beginning of the global COVID-19 pandemic in 2020, many organisations have embraced evolution and innovation to ensure business continuity.
For some, this meant a hybrid working structure for office workers; for others, a transition from a traditional bricks-and-mortar store to an eCommerce model. In both scenarios, these transitions resulted in new technology, new processes and new behaviour for all employees.
But how often do businesses take the leap to digital before putting a cybersecurity strategy in place? And how many are training their employees to spot a cyber threat?
Cyber training for employees
As we look to the future, it’s clear that the hybrid working model is here to stay for office-based businesses, and that organisations are more comfortable adopting it than they were pre-pandemic. With this in mind, it’s essential that IT leaders, organisations and their employees are equipped and trained for this new way of working.
Proactively conducting company-wide cybersecurity training and taking the time to show employees real-life examples of attacks and the detrimental impact these can have is an effective starting point to illustrate the importance of their role as part of the cybersecurity defences.
Teaching employees to identify phishing emails, spot inauthentic links and protect themselves (and the organisation) from potential breaches means that if threats slip through your cybersecurity net, your team have the knowledge to react accordingly.
This point grows in importance when you consider that this training helps employees in their personal lives too, as threat actors are increasingly targeting consumers as a means to breach their employers.
Malware and ransomware
However, with phishing-borne breaches and ransomware on the rise from 2020 to 2021, education alone isn’t enough. Technology solutions, like Tessian, Zivver, Ironscales and Egress, that both educate on-the-job and protect users should be considered alongside education & testing programmes.
94% of malware is delivered via email, showcasing just how valuable it is to include a proactive security solution within your cybersecurity strategy to safeguard users. This could take the form of a secure web gateway product, such as Menlo Security, which isolates the threats your users are exposed to on internet browsers, via email or applications that may be critical to your business.
Invest in security technology
2022 will be another big year for companies to implement and update their cybersecurity strategy and solution sets.
Yet it’s clear there’s a glaring gap between intentions and actions. The cybersecurity sphere is constantly evolving, and whilst there are software patches available, it’s essential businesses aren’t left with open windows allowing easy access for threat actors. Taking the time to execute full security reviews, using tools such as Encore.io to evaluate security coverage and ROI, means you can get a full picture of your own cybersecurity landscape.
Another effective technology shift organisations are increasingly investing in as part of a remote working strategy is passwordless account access. By 2022, Gartner predicts that 60% of large and global enterprises, along with 90% of mid-size enterprises, will implement passwordless authentication methods in over 50% of use cases, up from 5% in 2018.
At the very least, every business, especially those working remotely, should have an identity access management solution or strategy in place to set a policy and expectations around account access or password setting for employees – especially when geographically separated.
Tools such as Okta can not only enforce multi-factor authentication, but also ensure the business can streamline the joiners, movers and leavers process, meaning employees have access to the right information and applications at the right time for their role. Most importantly, their access rights can be removed from the list of applications with a click of a button.
MFA tokens such as Yubico’s YubiKey can also ensure users aren’t using obvious or identical passwords, due to the randomly generated string of characters for each login, further enhancing the security of the business.
Implementing a passwordless system improves security by combining biometrics and possession authentication, while blocking account takeover attacks and enhancing password hygiene. Passwordless is also much more reliable and secure when it comes to remote working access, and it reduces the need for IT support when employees forget their passwords, in turn improving productivity – a huge benefit commercially.