Are humans still the weakest link in cybersecurity?

The new decade promises newer technologies to improve the way we live and work. From automation to predictive technology, our daily routines, be it at work or at home, are becoming more agile. Today, we can do almost anything with our mobile devices. At the same time, our reliance on our devices at work or home has led to over-dependence on them.

In fact, most of us feel insecure whenever our devices run low on power or we are unable to get a steady connection to get stuff done. From the moment we wake up till we call it a day, our device is part of our lives. Even kids today prefer tablets and mobile devices compared to books and toys.

Businesses are aware of the amount of time we spend on our devices, which is why most organisations now make their services available for you all the time. If you’re not using your mobile device during work, you’ll probably be hooked on social media sites or online shopping sites on your office desktops. While some companies have blocked access to such sites, employees still find a way to access them or just end up using their mobile.

Cybercriminals see this as an opportunity and make the most out of it. Most organisations know the importance of cybersecurity. Even if they do not have the biggest budget for cybersecurity, they ensure their company has adequate protection for basic threats. But if a company still refuses to acknowledge the importance of cybersecurity in 2020, they are basically just leaving their doors open to any form of attack.

The challenge with personal devices
Because we are so dependent on our devices, cybercriminals are now targeting us directly to get to our organisations. With workplace mobility becoming a norm, most organisations allow their employees to use their own devices for work. In some cases, laptops are provided by the organisation, but employees still use their mobile devices to get work done. The problem with this is that you are basically allowing your employees to mix their personal data on their own devices with your company data. Yes, your company data may have the protection it needs. But threats can come from anywhere these days.

If your staff are using a public network in a café to access company emails or data, they are opening the door to vulnerabilities if they do not have endpoint protection. Public networks are known for their weaknesses and can be easily exploited. At the same time, let’s say your employees receive a malicious email on their personal account on their mobile device, which also receives company emails. The chances of the malicious content affecting your company email are high.

And it's not just devices. Phishing emails on office desktops have often proved to be an entry point for most malicious content or ransomware for organisations. Companies continue to educate their employees not to click on suspicious links or open suspicious emails. But human curiosity will always lead us to do so. We are always told to just ignore or delete such emails. Even if the email seems too good to be true, and you know that the content is malicious, the curious feeling in you will just want to open such an email.

Thousands of victims can relate to this. It is always the curiosity that got to them. And the scary part is, in some cases, the same person becomes a victim more than once. So are humans the weakest link in cybersecurity?
While the evidence would clearly suggest so, the fact remains that organisations are still not enforcing enough education on these threats. Most cyber breaches are caused not by software issues but by human errors. Companies that allocate a huge budget to cybersecurity sometimes also need to go back to the basics, which is educating employees.

The Solution
So what can you do to ensure your organisation is not compromised? It’s basically down to these:

  • Ensure devices are patched with protection. Be it company devices or personal devices, organisations need to ensure these devices have some form of security to detect and protect their data.

  • Have visibility over connections. Companies need to know who is accessing their data, from where, and on what devices.

  • Education and security tests. Send out mock emails and see which employees are vulnerable to them. Ensure cybersecurity training is given to all employees. Train employees to use different passwords for work and home devices.

  • Ensure cybersecurity software is updated. The most important thing is to ensure your software has the latest patches. Run tests constantly.

At the end of the day, your organisation may have the best cybersecurity plans but if your employees are vulnerable and easily tempted by suspicious emails and links, it's going to be a challenge in ensuring your company is fully secured.
