As networks have expanded from local to wide, to the world, so too has the need to protect against threats. However, hacks and cybercrime still happen every day - not just because of the rate at which cybercriminals are keeping pace with technology, but also because users aren’t quite keeping pace with either cybercrime or technology.
While IT professionals understand the risks and know of the many threats that linger outside of unprotected networks, most of the people who actually use the systems, devices, networks and Internet aren’t quite as mindful – or aware – of cybercrime and security. Businesses looking to properly safeguard their IT environments need to ensure that their staff, who operate within this environment, know what the risks are and how to prevent them.
Security starts at home
Many people who work in an environment where they come into contact with IT are vaguely aware of the “annoying” protocols and firewalls that the business puts in place on devices and systems used. However, very few technology users apply any security to their personal devices and applications.
Luckily, most social media and other technology application vendors have put their own security measures into place, such as two-factor authentications (where, for example, a web site prompts users for their username and password as well as one-time password PIN to verify their identity.)
An organisation may have a better understanding of the risks, however, the lines between personal and business life have blurred. Users’ lack of awareness may spill over from personal to business life, impacting the business’s potential risk. Most people use their own smartphones within their work IT environment with other devices such as laptops and even wearable devices connecting to business networks.
Every device that enters a business’s IT environment is a potential door through which a hacker can penetrate the business. Despite the best boundary protection, the business needs to be able to control all points of entry that appears in their environment. But, how can businesses achieve this when user behaviour is such a variable, and people are constantly “opening new doors”?
Creating a security culture
In a world where everyone uses technology and where technology enables the business through user functionality, cybersecurity should not be just an IT concern; it should be everyone’s concern. Unfortunately, businesses cannot ensure that people are security minded at home, but they can educate their staff on the risks and create a culture where security colours every aspect of a business.
There are a few steps businesses can take to create a security culture that extends beyond simply planning and implementing controls:
Despite controls put into place by the business, users still wield their smartphones and personal laptops with very little thought to the potential threats they are exposed to and, when they are hacked, they’re often disbelieving and surprised.
It’s important for anyone using technology at any level to educate themselves on the risks of cybercrime and how to avoid incidents such as identity theft and fraud.