The increased use of digital technologies to enhance or even create entirely new business models, customer experiences and working processes has led to a transformation in the way companies operate. While this change has been occurring over many years, there was an unrivalled acceleration during the pandemic.
In more ways than one, the pandemic acted as a catalyst for digital transformation. We saw a new reliance on virtual working technologies in almost every industry – employees who had never experienced remote working suddenly found themselves working from a laptop on their living room table; pubs and restaurants suddenly had to alter the way they worked by providing a digital ordering service; the healthcare industry found ways to deploy technology to return COVID-19 results quickly, etc.
In a post-pandemic world, the role of IT in businesses continues to evolve. Organisations are moving beyond the use of technology for day-to-day operations by leveraging technology to move faster, cut costs and improve productivity.
The United Kingdom alone has a digital population of around 67 million people. Most businesses now understand that getting on board with digital transformation can help them meet customers’ needs and lead to increased productivity within their own organisations. Digital transformation has also allowed for hiring staff from parts of the world that may not have been previously considered and has opened the talent pool for many. Staff, particularly millennials, are now opting for positions that allow a degree of remote working over those that are firmly office based. You may have heard that the most commonly requested working arrangement is the “TWaT”, that is, office based on Tuesday, Wednesday, and Thursday. Mondays and Fridays are “working from home” days.
How does digital transformation impact cybersecurity?
With every business having to adopt new technologies, a new set of cyber challenges presents itself – data privacy and online safety. In the last 12 months, 39% of UK businesses identified a cyber-attack. Among those businesses, the most common threat vector was phishing attempts (83%), and around one in five (21%) identified a more sophisticated attack type such as a denial of service, malware, or ransomware attack.
The increased adoption of digital transformation has changed cybersecurity. With organisations racing to adopt digital technologies in their pursuit of enhanced customer experience and new business models, cybercriminals will also continue to find ingenious ways to perpetuate their activities. A 2021 Financial Services Information Sharing and Analysis Centre (FS-ISAC) report highlighted an increase in global threats owing to the rapid digitisation of the financial services sector and expects that third-party risk, zero-day vulnerabilities, and ransomware groups will adapt to the ever-changing cyber environment.
Despite these growing risks associated with new technologies, the many positive possibilities that digital transformation holds continue to make it attractive to businesses.
How can decision makers ensure data and cyber security against ever-changing cyber threats?
6 practical ways to reduce cyber security risks
Having a dependency on technologies for day-to-day tasks can create a vulnerability to data loss, cyberattacks and privacy infringement when data is unprotected.
As an organisation, you cannot leave your cybersecurity to chance. Alongside the astronomical financial damage that a cyber breach can cause, the reputational damage can negatively impact a business. With all of this at risk, how can organisations reduce cybersecurity risks?
Data encryption and backups
Company data must be encrypted in transit and at rest. In practical terms, this means using BitLocker disk encryption on Windows computers or the built-in data encryption facilities in macOS. Sending data via FTP (file transfer protocol) is out of the question as it isn’t encrypted when sent over a network. However, many financial services organisations still use FTP to transfer data between organisations. The modern equivalent is SFTP; the “S” stands for secure, and it relies on the use of certificates to encrypt the data.
You should also conduct regular backups of important information. Despite precautionary measures, cybersecurity breaches can sometimes result in data loss. Having a reliable and secure backup should prevent operational disruption that could cost your business revenue in the event of a breach. It is also important that different passwords and encryption keys are used for backup systems. All too often, organisations use the same credentials on their live and backup systems. If the live system is compromised and the credentials are shared, a cybercriminal will then compromise the backup system as well. It is also important to test backups on a regular basis to know that data can be restored and that all data needed for continued operation will be available.
Regular Systems Update
Regular software and systems patching will protect you from the majority of new security threats. Ensuring that you have everything updated means that you will receive the latest security features from your software provider. This will help patch vulnerabilities and security flaws that could be exploited.
Phishing simulation and training
According to a 2021 report by Verizon, human error accounted for 85% of data breaches. Phishing emails can sometimes be difficult to detect as they oftentimes look legitimate. It is pertinent that employees receive cybersecurity training at least twice per year to be able to detect these malicious attacks. While cybersecurity awareness training does not completely eliminate the risk of a cyber breach, it can drastically reduce the likelihood of a data breach occurring in your business.
The UK National Cyber Security Centre (NCSC) recognises multi-factor authentication as an effective way to prevent 90 per cent of attacks on accounts. To fully understand why multi-factor authentication is a great idea, it helps to understand that a number of the attacks that businesses face typically start with the compromise of a single employee’s credentials. Whilst cybersecurity awareness training is a good start, it can be a mistake to rely completely on the effectiveness of awareness training to help employees detect phishing attacks.
Multi-factor authentication (MFA) verifies a user’s identity using an additional credential. Whereas we normally use a username and password to access a system, MFA will add something else that only the user should have access to. This can be a text message to their phone, a phone authenticator app which generates a new code every 30 seconds, a smart card, facial recognition, or a fingerprint scan. MFA offers multiple layers of protection that make it very difficult for a cybercriminal to access a device. If a cybercriminal steals one credential, they will still need to verify their identity in a different manner.
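The authenticator-app option described above can be shown in a few lines. This is an added example, not code from the original article or from any Tivarri product; it assumes the app follows the standard TOTP scheme (RFC 6238, HMAC-SHA1, 6 digits), and the function names and sample secret are illustrative.

```python
import hashlib
import hmac
import struct
import time

STEP = 30    # seconds each code is valid for, as described above
DIGITS = 6   # code length shown by typical authenticator apps (assumption)


def totp(secret: bytes, at: float, step: int = STEP, digits: int = DIGITS) -> str:
    """Return the RFC 6238 code for the time step that contains `at`."""
    counter = struct.pack(">Q", int(at) // step)
    digest = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = digest[-1] & 0x0F  # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def verify_code(secret: bytes, submitted: str, at: float, window: int = 1) -> bool:
    """Accept the current step and `window` steps either side (clock drift)."""
    ok = False
    for drift in range(-window, window + 1):
        expected = totp(secret, at + drift * STEP)
        # Constant-time comparison, and no early exit from the loop.
        ok |= hmac.compare_digest(expected, submitted)
    return ok


def login(password_ok: bool, secret: bytes, submitted: str, at: float) -> bool:
    """Both factors must pass; a correct password alone is not enough."""
    return password_ok and verify_code(secret, submitted, at)


# Constructed sample data: the published RFC 6238 test key, not a real secret.
SAMPLE_SECRET = b"12345678901234567890"

if __name__ == "__main__":
    now = time.time()
    code = totp(SAMPLE_SECRET, now)
    print("current code:", code)
    print("password + code:", login(True, SAMPLE_SECRET, code, now))
    print("stolen password only:", login(True, SAMPLE_SECRET, "000000", now))
    print("code replayed 5 min later:", login(True, SAMPLE_SECRET, code, now + 300))
```

The shared secret is what the server must protect: anyone who holds it can generate valid codes, so it should be stored with the same care as a password hash or encryption key.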
Screening for malicious links and attachments
Everyone knows that attachments and links should not be opened if the sender is unknown or not trusted. But mistakes happen and, without intending to, employees can click on malicious links or open malicious attachments. There is also the risk of a trusted sender being hacked themselves. You need to ensure that you have an extra layer of protection for these scenarios.
As part of our managed IT solutions, Tivarri offers Office 365 Advanced Threat Protection. This is an email filtering service that can help protect your organisation from viruses and malware by providing zero-day protection to keep you safe from malicious attachments and links. When an email attachment is received, the Safe Attachment feature automatically opens the file and tests it in Microsoft’s sandboxed virtual environment. If the attachment is found to be safe, it will be passed to the recipient; if it is found to be malicious, it is automatically removed. With Safe Links, emails containing one or more URLs are automatically checked. If safe, the email is passed to the user’s inbox; if malicious, a warning will be displayed and clicking on the links will be disabled unless the user manually overrides this behaviour.
Does your organisation have a cybersecurity policy? Do your employees have access to this policy and fully understand the required procedures, processes, and the potential consequences if the policy is violated? Do you highlight your organisational policy when it comes to sharing sensitive information, even on social media? Does your policy include guidance for staff on how to handle sensitive information? Does it include password security controls, and supplier and vendor checks to ensure strict adherence to cybersecurity best practices? Do your employees understand how to identify, report, and respond to security issues? Do you provide employees with cybersecurity training at least once a year? If a breach occurs, do you have a disaster recovery plan that stipulates each employee’s role, especially that of your IT team, to reduce your organisation’s response time?
Having a cybersecurity policy in place and enforcing strict compliance can mitigate the impact of a cyber breach and reduce your organisation’s response time.
Understanding your risks
There is no one-step-fits-all approach to digital transformation and no two organisations will ever have the same goals, assets, tools and needs. For some, digital transformation is simply the adoption of digital technology into everyday corporate assets, tasks, and processes to optimise customer experience and workflow. For others, it is adopting more complex technologies such as artificial intelligence.
Whatever digital transformation means for each organisation, it is important that organisations prioritise security in their digital transformation, and not add it as an afterthought.
Data security and cybersecurity can be challenging and sometimes expensive; however, the financial, reputational, and legal risks of a cyber breach outweigh any costs. Before opting for new strategies, businesses should consider whether they are optimally handling their current risks and whether they are ready to face new risks. This is in addition to regular cybersecurity training, phishing simulations, and regular systems updates.
Tivarri offers digital solutions to keep your business safe as you transform digitally. We understand that businesses and people want to know that the data they share is safe and protected from malicious entities.
Tivarri’s Cranberry Cloud Hosted Desktop and Cranberry Desktop are designed from the ground up to be FCA and ISO 270001 compliant, the basis for due diligence, and meet key customer requirements including accessibility, remote working, enhanced security, and data loss prevention. They include features such as multi-factor authentication, attachment sandboxing, application whitelisting, and regular vulnerability testing.
If you are considering improving cyber resilience for your small or medium-sized business, we can work with you, advise you on a tailored cybersecurity plan and provide you with appropriate services that address your specific security risks. Contact us to get started.