Like it or not, 2020 will be remembered as a disruptive year. As we mentioned in one of our previous blog posts, the arrival of the COVID-19 virus has impacted every type of business in all corners of the world. The pandemic threw a wrench into our day-to-day operations and forced us to double down on digital transformation and digital innovation.
Regardless if you were ready to introduce change to your operations or not, you didn’t really have a choice.
Anyone who wanted to stay in business needed to quickly adapt to the new terrain, enable remote work, move a great part of their business to the cloud, and figure out how to survive in the digital world.
This, of course, created a whole lot of new problems.
Cybersecurity problems, to be precise.
Zoom, for instance, is just one out of many companies that have fallen victim to poor cybersecurity. In case you didn’t know, Zoom is facing class action lawsuits because there were numerous violations of the CCPA.
In addition to companies failing to meet modern cybersecurity standards, many businesses have fallen victim to cyber attacks simply because hackers sensed blood in the water. According to CNBC, the Middle East, specifically the UAE, has seen a 250% increase in cyberattacks. Hackers are taking advantage of the recent spike in digital adoption and they are attacking businesses that still haven’t fully figured out how to keep their most important data safe.
In 2021, Cybersecurity breaches and incidents will remain among the top concerns for businesses of all size and stature around the globe. According to Cybercrime Magazine, close to 6 trillion dollars (yes, you read it correctly) will be lost by the end of 2021 due to cyber crimes.
Since the digital landscape has drastically changed during the last two quarters of 2020 and cybersecurity continues to grow into a bigger problem every day, we at Share It have decided to revisit this topic on the blog and provide a sort of a “survival guide” that you could follow to become impervious to standard cyberattacks in 2021.
Without further ado, let’s get started.
Even though this sounds like basic advice, we feel the need to underline this whenever we talk about cybersecurity with our customer. Yes, the world has changed during 2020 and yes, we are now obliged to enable people to work remotely.
However, a lot of modern security issues come from the same old tricks that we have already talked about in this blog post a while ago. Phishing, CEO spoofing, and poor infrastructure are the main threats that can jeopardize your business.
In the “new normal”, people that lack knowledge about cybersecurity tend to use their personal computer for work without a VPN and they scratch their heads when someone mentions two-factor authentication. Taking care of a few emails before bed on your personal laptop might feel like a “no biggie” moment, but it’s not. By doing this, you are exposing yourself and your company to risk.
Personal computers are usually the best type of prey for hackers because they could be compromised by a third party. Employees may not be aware about the potential problems they could cause to a company, and hackers take advantage of that.
To keep information confidential, companies need to invest A LOT more effort in 2021 in cybersecurity education. They need to build policies and measures that employees can follow explicitly.
In their cybersecurity policies, most companies should insist on the following factors:
To make sure that people are mindful of the potential presence of third parties when sharing important business information, they need first to learn about the risks that come if they don’t follow the security protocols.
In addition to direct guidance when it comes to cybersecurity, people need to understand the WHY behind everything they’re doing and how their behavior impacts the security of the company they work for.
Cybersecurity training shouldn’t be a luxury. It shouldn’t be a crash course for people who administer websites either. Regardless of the role or position in the company, every employee should go through information security training during their onboarding. Despite the common opinion, cybersecurity training doesn’t have to be boring. You can hire an external party, i.e. pay for video courses.
One of the ways to ensure they actually go through the training is to include quizzes and underline that skipping training videos will not mark them as completed in the end. Making cybersecurity a crucial factor during the onboarding process will significantly reduce the number of “weak links” within the team. It will also teach incoming talent that cybersecurity is a “shared responsibility” and that this is something that makes and breaks the entire business.
Disaster recovery requires a lot of careful planning in order to make the DR plan effective. Companies may make a mistake by thinking it’s enough to simply document procedures in case security vulnerabilities get identified when in reality - real drills, testing, and continuous updates and training should take place.
The DR plan must have detailed immediate, intermediate, and long-term responses described in order to prevent financial losses and legal repercussions due to data breaches or hacker attacks such as ransomware.
Traditionally, businesses needed a dedicated, physical facility for the entire IT infrastructure, huge servers, complex network infrastructure, and strong connections with huge bandwidth. Today, there is a better way to monitor and manage DR. You guessed it - by using the cloud.
At Share IT, we already wrote about the pros and cons of AWS and Microsoft Azure, but more importantly - we took a deep dive into Azure’s security. Microsoft Azure has a layered approach to physical, infrastructure, and operational security, which makes it one of the most secure cloud solutions on the market. Given the fact Microsoft has more than 3500 cybersecurity experts who take care of the infrastructure 24/7, you could say you’d be in safe hands if you decide to opt for Azure.
Cyber attacks happen in a blink of an eye and, as we wrote above, uneducated people (usually, new employees) often fall victim to the hackers. The thing is, they are laser-focused on making a good first impression, so cybersecurity is not really their top priority. That means they might be careless about things like physical security, password safety, or other bad practices that hackers know how to exploit.
Remote-first work setting has brought additional security challenges, but with the right measures or even by investing in bulletproof internal software - you can successfully manage IT risks.
If you need a partner that will help you enhance your cybersecurity, look no further: we at Share IT will gladly share our best practices. If you want to find out more about data encryption in SharePoint or how the cloud safeguards your data - we’re more than happy to discuss your project. Contact us today for more information.