Only two thirds of organisations consider themselves at risk from cyber attacks
Report says a fifth intend to reduce their data security spending
Despite an increased risk of cyber-attacks from those seeking to capitalise on the Covid-19 crisis, a new report has indicated that European organisations have a false sense of security when it comes to protecting themselves, with only two-thirds (68%) seeing themselves as vulnerable.
The 2020 Thales Data Threat Report - European Edition, which surveyed over 500 European executives, has revealed that seven in ten organisations (68%) feel vulnerable to attacks, down from 86% in 2018, despite over half of businesses (52%) having experienced a breach or failed a compliance audit in the last year.
Shockingly, a fifth (20%) intend to reduce their data security spend in the next year, even though more employees are working from home than ever before due to the virus. In many cases, employees are using personal devices which don’t have the built-in security that office systems do. This significantly increases the risk of sensitive data being compromised.
Nearly half (46%) of all data stored by European organisations is now stored in the cloud, and with 43% of that data in the cloud being described as sensitive, it is essential that it is kept safe. But according to the report, 100% of the businesses surveyed report that at least some of the sensitive data they are storing in the cloud is not encrypted. Only 54% of sensitive data in the cloud was reported to be protected by encryption.
Despite the threats, the report revealed that 40% of businesses feel that the complexity of their environments is holding their data security capabilities back. Multi-cloud adoption is the main driver of this complexity; four-fifths (80%) of businesses are using more than one IaaS (Infrastructure as a Service) vendor, whilst a third (29%) have more than 50 SaaS (Software as a Service) applications to manage. Businesses also identified a lack of budget (30%), staff to manage (28%) and organisation buy-in/low priority (25%) as other top blockers.
What steps should your business be taking to protect itself?
There are several things organisations can do to mitigate cyber threats. Most are easy to implement and can help businesses to protect employees working remotely.
These include ensuring easy remote access to IT support during working hours, providing regular, clear advice on official guidance, ensuring all devices offer sufficient security software protection, banning the use of public Wi-Fi networks without sufficient security controls, and limiting work in public spaces wherever possible.
Maintaining good cyber hygiene, verifying sources, and using official updates can also help businesses stay safe.
Review your policies and procedures
There are numerous HR policies that your business can put in place to ensure smooth and secure home working. Whilst you are not under a strict legal requirement to implement these, it is best practice and can help you to streamline your processes.
A working from home policy can set out your expectations for your staff whilst they are working remotely, including in relation to data security and confidentiality.
An IT security policy can include requirements regarding passwords, the physical security of devices and protocol around installing software. If you already have an IT security policy, you should review it to make sure it is fit for purpose. The use of two-factor authentication is recommended wherever possible.
Train your staff
Individuals are a key target of cyber-crime, so remind your staff to be alert and make sure they are aware of the risks to look out for. This may require you to recirculate your policies, refresh their training on relevant security procedures or circulate specific examples of Covid-19 cyber-crime.
Make sure your staff know what to do and who to report to if they identify a cyberattack or they think there might have been a data breach. Not only might an attack put your business under threat, but it might create legal obligations for you under data protection law.
Provide IT support
Your staff may be working from home, but they’re still likely to need access to IT support. Check whether your normal support will continue whilst staff are working remotely, and make sure you update staff if there are any changes. If support is readily available, IT vulnerabilities are more likely to be flagged quickly.