By Tina Stewart, VP for Global Market Strategy at Thales
Disconnecting from your mobile device, laptop or tablet can be as good as a holiday. Simply taking a pause from emails and social media in favour of a good book or conversation is known to increase your mood and life satisfaction – but it’s also a chance to step back and re-evaluate our online usage.
In my family, we regularly ‘unplug’ and use the opportunity to discuss cyber awareness and topics such as the risks to our family information, how we can improve personal safety, and what are we doing to prevent identify theft.
While unplugging isn’t an option for all businesses, the notion of stepping back to give your company time to evaluate cybersecurity preparedness can be highly beneficial. With increasing data breaches and unsuspecting users more vulnerable than ever before, cybersecurity situational awareness has never been more important. Yes, we have come a long way – evolving from knowing what websites are safe or not – but it’s time for a radicalized approach.
A new generation of workers is also on its way in. They grew up with iPhones in their pockets and tech ready minds. They’re more digitally savvy than their older colleagues and already have a strong understanding of the importance of cybersecurity. Within an organization, they expect a high level of security and privacy – just the same as customers who assume that their data is being protected.
With the current global climate requiring more businesses to work remotely – and an increasing number of employees working from home – I encourage all companies to take a moment to reassess how well they’re doing and look into what further steps they could take to better protect themselves, their employees and their customers against hackers.
1. Know the ‘where’ and ‘what’ of your dataBefore implementing any long-term security strategy, CISOs must first conduct a data sweep. Discovering where all data is stored will not only help identify the types of data, but pinpoint where the most sensitive information is kept. It’s impossible to protect data if you don’t know where it is.
2. Protecting sensitive data is the keyThe 2020 Thales Data Threat Report Global Edition found that no organisation is immune from data security threats, with 49% of global respondents experiencing a breach at some point and 26% having been breached in the past year. Technology such as encryption will provide the last and most important layer of defence for data, rendering it useless if hackers break in. Whether it’s stored in a company’s own servers or the cloud – encryption must be used to protect sensitive data.
3. Secure encryption keysEncrypting data creates an encryption key – a unique tool used to unlock the encrypted data, making it only accessible to those who have access to the key. Storing these keys safely is crucial and needs to be done offsite in hardware appliance to ensure they aren’t located in the same place as the data, putting both at risk.
4. Pass on passwordsThe next step is to employ strong multi-factor authentication, ensuring authorised individuals can only access the data they have been allowed to access. Two-factor authentication requires an extra layer of information beyond simple user names and passwords. Multi-factor authentication takes this a step further by requiring additional piece of information such as a one-time passcode.
One of the most important lessons businesses should take away is that they need to foster greater conversations around safe cyber practices. An informed workforce is a smart workforce and essential to the security of businesses in cutting the risk of cyber intrusions. Empowering both our families and our organisations to be vigilant against threats and implement best security practices will go a long way in improving cybersecurity.