The Meridian Blog: Tech News, Tips & More for SMB and Enterprise Environments

IT Can No Longer Guarantee Cybersecurity

Juliana Lee

Posted by Juliana Lee
Tue, Jun 21, 2016

Traditionally, cybersecurity, and everything related to it, has been almost totally relegated to IT departments and/or outsourced IT/security providers. Those technical teams worked tirelessly to secure company networks and data by combining a variety of measures, including firewalls, antivirus software, mobile device managementdata loss prevention tacticshardware and firmware updates, etc.

And, while that worked for a while, hackers wised up social engineering opened network back-doors, BYOD made it hard to secure endpoints, new malware and encrypting ransomware sprung up everywhere, and even USB drives became suspect — and traditional cybersecurity measures are simply no longer enough.

IT alone can no longer guarantee cybersecurity and protect your network from all threats. Why? Hackers have gotten really good at exploiting your biggest and most numerous vulnerabilities: unsuspecting employees.

Read on to learn more about this shift, why it's so important, its worldwide impact on businesses and governments, and what you can do to fight back and bolster your organization's security.

RELATED: Recent Data Breaches May Push Congress to Act

The Problem

Despite today's constant stream of national news coverage about security threats and breaches, many businesses still focus their cybersecurity programs solely around IT protecting their infrastructure perimeter and device endpoints. After all, that's what they've always done and it's what industry best practices dictate, since that’s where cybercriminals traditionally first gained access to wreak havoc on a company’s digital access.

However, it’s also important to consider what happens when a threat bypasses perimeter defenses and targets an employee — in the form of a malicious email, text, phone call, or even a voicemail that might prompt an employee to respond with confidential company information. For example, these 3 common office supply scams rely heavily on data gathered through the phone, and cost businesses millions each year. Imagine how easily a hacker could not only leverage that for money, but also for access to critical confidential and proprietary business data.

RELATED: Helpdesk Tech Support Scams Target Businesses in the DC Metro Area

There’s also the possibility of an offline attack from inside the office, where an employee or an office visitor might gain access to valuable data by quickly taking something carelessly left on a desk. For instance, check out these 10 messy desk mistakes that threaten data security.

As an owner of a messy desk myself, I recently realized how many potential vulnerabilities I was uintentionally creating. By making some small and easy changes to my work habits, I'm happy to say I've eliminated the opportunity for a potential cyber criminal to use me as an easy target. (Although I'll admit that, while my desk, its contents, and my work habits are now secure, it may still appear to be a messy desk on most days...organized chaos breeds creativity, right?!)

Global and Local Impacts

According to a PricewaterhouseCoopers survey, in 2014, 69% of business executives expressed concern about cyber threats, including a lack of data security. In 2015, an updated survey increased that number to 86%. These numbers illustrate the increasingly urgent need for better cybersecurity.

The issue is not going away anytime soon. If anything, it’s only getting worse. In fact, stronger cybersecurity has become a global priority over the last few years, as hackers penetrate the IT infrastructure of government and enterprises with increasing frequency and sophistication.

RELATED: Best Practices to Fight Phishing and Next-Generation Malware

According to a study conducted by the Identify Theft Resources Center, the total number of reported data breach incidents in the US grew from approximately 400 in 2011 to approximately 750 in 2015. This increase of over 60% doesn't even include unreported (but no less important) breaches — a figure that is likely much higher.

When you add in the ever-growing Internet of Things (IoT) and the explosive prevalence of mobile devices and BYOD, the threat landscape and potential for data leaks is even more significant. In fact, data shows that, even in organizations that have proactively created policies to minimize the risks related to the bring-your-own-device culture that is so prevalent in today's workforce, employees still may be the single biggest threat to BYOD security.

RELATED: Why DC SMBs Need an Internet-of-Things (IoT) Strategy

The Need to Educate Employees About Cybersecurity

All that being said, IT alone no longer has enough control to guarantee or be held accountable for all aspects of cybersecurity on its own. Moving forward, one of the biggest factors to securing any business network is educating all employees about best practices for security. Employees need to practice strict and secure cybersecurity habits — not only to thwart digital attacks, but also to prevent someone from simply walking by their desk (in the office or at home) and picking up a device or document that contains sensitive information.

I can’t stress enough the importance of security awareness training for internal employees. Educating them on what it takes to protect proprietary documents and data is critical. Any leaks — unintentional or intentional — could hurt the business in the form of information that assists a competitor, violates compliance regulations, or harms the corporate image. Leaks can also hurt employees from the standpoint of personal information that might be exposed.

RELATED: The Real Cost of System Downtime

Lastly, customers and business partners could be at risk, compromising the industry reputation of any business that does not properly protect confidential information. It only takes one incident to completely destroy any goodwill you established and built with your customer base.

Get started on the path toward better security today by downloading our free eBook, Cybersecurity Tips for Employees: The complete guide to secure behavior online and in the office. This eBook is packed full of security research, data-driven tips, and easy changes and best practices that any employee can implement to do their part for company security. In fact, we recently used this guide ourselves to educate Meridian employees and clients about cybersecurity. Don't risk your organization's security by assuming IT has it all covered — educate your employees today.

Cybersecurity Tips for Employees CTA

Juliana Lee

Juliana Lee

Juliana Lee, or "JC," as many Meridianites know her, started working at Meridian as an intern in 2007. Today, through her company, District SMARKETING, she oversees the strategy and management for Meridian's marketing communication programs. She is a University of Maryland aluma (Go Terps!), who loves writing, design, technology, traveling with her husband Logan, and her maltese named Bear. Learn more at www.districtsmarketing.com.

Connect with me here:

Ready to Become a Pro?

 Our White Paper can help.

whitepaper-4-key-elements-for-building-your-technology-road-map-thumbnail-3Subscribe to our blog and get your copy of "4 Key Elements to Consider When Building Your Technology Road Map"

You'll learn:

  • What role people play in determining your road map
  • How to build a plan in a multi-device world
  • What types of applications need to be considered
  • How data plays a key role in success

 

Subscribe to get your copy

Leave A Comment

About this blog

News, best practices and more to help you get the most out of your office technology. Whether you're an SMB owner who wears a lot of hats, or an enterprise IT director, facilities manager or just someone who wants to work smarter — this blog has the resources you need to maximize the business impact of all your tech investments. Be sure to subscribe to receive email updates about new posts!

Download our eBook

 
DM_Workbook_Cover_Page.jpg

Download

Sort Posts by Topic

see all