October is Cybersecurity Month – a chance for businesses and individuals alike to educate themselves on protecting data against a growing number of threats. In the spirit of the month – and to support our readers’ cybersecurity endeavours – we’ve chosen to share five things every business needs to know about cybersecurity.
Cybercrime is up 63%, Silicon Valley giants are being caught up in data scandals, and commentators are declaring it the era of zero trust; it should come as no surprise that cybersecurity has found itself so high up on the list of priorities for businesses across the globe.
Of course, cybersecurity isn’t always the most straightforward arena, and many business owners – even those who openly acknowledge that they need to take action – stall at the sheer immensity of the task ahead of them.
That’s what makes Cybersecurity Month such a fantastic opportunity: individuals and businesses can be made aware of resources, brought up to speed on the latest solutions, and take a keen eye to their own cybersecurity.
The following are just a few things you need to know this Cybersecurity Month – and beyond. Settle in and be sure to check back on our news section to keep up to date!
1. There Are More Data Breaches Happening Than You Think
Since 2013 – when the Breach Level Index began its real-time recording – almost 14 billion records have been lost or stolen in cybersecurity breaches. Of these breaches, only 4% have ever been ‘secure’: a breach where encryption was used, rendering the stolen data useless.
This number is staggeringly high, and just goes to show that although you may think that nobody would ever want your data, the likelihood that you’ll be targeted is, unfortunately, just as high as Facebook.
2. MFA is The Way to Go
MFA – or multi-factor authentication – has been growing in popularity for some time now, and it’s easy to see why.
The faithful password has lost its allure over the years, with 67% of UK survey respondents admitting to inputting passwords up to ten times a day, and 2% even logging in 50+ times a day.
Because we simply can’t remember them all, many passwords find themselves recycled across different accounts or scribbled down on post-it notes. Factor in recent data breaches and the impact they’ve had on user security, and the nails are truly being hammered into the password’s coffin.
This is where MFA offers a fresh outlook. By using a combination of the traditional password alongside authenticator apps, biometrics and many other potential credentials (or ‘factors’), users can log into applications securely with MFA. This way, even if a password is stolen, there are extra layers of security to keep sensitive information safe – buying precious time to secure accounts.
3. GDPR is Getting Serious
Remember the panic ahead of GDPR, when businesses were fretting over compliance and your inbox was suddenly flooded with requests for consent? At the time, the ICO made it clear that it wasn’t expecting small businesses to be completely ready by the 25th May deadline.
They stuck to their word, with the ICO zeroing in on bigger companies who were in breach of GDPR guidelines, such as Bupa– with others like British Airways and social media giants being circled for punishment after various data breaches.
For businesses not so accustomed to the limelight, now is the time to build trust, get your house in order and be prepared for when the ICO’s scope widens beyond Silicon Valley and the big offenders.
Currently, the fines for a data breach stand at up to €20 million or 4% of your annual global turnover (whichever is higher), and companies are legally obliged to report data breaches within 72 hours of them happening. If that’s not motivation enough to avoid GDPR’s wrath, we’re not sure what is.
4. Joiners, Movers and Leavers Present a Security Problem
Did you know that one of the greatest threats to your security comes from within? Yes, the people in your organisation – usually through no fault of their own – represent one of the greatest security challenges thanks to traditional joiner, mover and leaver (JML) processes.
When somebody moves throughout the organisation, they are naturally granted additional access to sensitive documents and information. Following the traditional process – usually manual and involving much paper-based communication between IT, HR and managers – movers can gradually amass inappropriate access to documents across the organisation.
Meanwhile, employees leaving the company aren’t always automatically de-provisioned, meaning they still technically have access to the company’s data. It’s a huge risk, and one that can be easily resolved by implementing an effective, automated system.
5. Cybersecurity Needs to be a Focus All Year Round
As identity and access management experts, we love the idea of Cybersecurity Month, but we also know better than to only pay attention to cybersecurity during one month of the year. The reality is that businesses and individuals need to make cybersecurity a year-round focus, securing their personal and organisational data from outside threats and exploring solutions to support those actions.
It’s true that the threats may keep evolving, but as frontline IAM experts, we also recognise that solutions are keeping up – and are more than capable of keeping businesses one step ahead.
What will you take away from #CybersecurityMonth? Tweet us what you’ve learnt at @IdentityExperts.