In the last 12 months the challenges of keeping business cyber-secure has evolved dramatically, as we accelerate and change, the way we use IT business must adopt a tiered, 360 degree approach to protecting data, the organisation and its people from these challenges. The old way of doing things or “a minimum viable defence” approach is unsustainable in 2020.
In July 2019 ACS commissioned YouGov to conduct our first Agile Working survey, one of the questions was “how often do you work from home, if at all?”
48% of the UK workforce said that they never worked from home, with only 22% working from home once a week or more (just 4% everyday).
The ONS survey in April 2020 showed that 46.6% were working from with 86% of those doing so due to COVID.
Now clearly as Lockdown restrictions evolve many more people are returning to offices, but even then, a mix of home and office-based attendance is likely.
Throughout March and early April British business rapidly stood up remote working solutions, issued notebook computers on mass and adopted (or accelerated adoption) of collaboration tools. Understandably businesses were less concerned about security than being able to continue to operate.
What this means is that right now we have workforces operating in new locations, potentially outside the easy reach of IT teams using unfamiliar systems that may not have been configured and selected as robustly they might otherwise have been.
When somebody is setting up a video conference call for a sensitive meeting is that call being configured in a secure way? Are there steps in place to prevent unauthorised participants joining? What about the content shared and created in those calls? Where is it stored and who has access to it?
If somebody is running late for a video conference call on an unfamiliar platform and that reminder email pops into the inbox when they click the link to join, are they tapping in passwords into legitimate pop-ups or is it a whaling or phishing attack?
How are we managing data, have we granted home workers the option to bring their own device? How do we know that device is secure? Are people using personal email accounts for confidential business? Do they have multi-factor authentication on those accounts?
It goes on and on, we’ve all had to be flexible in our approach and in some instance are reliant on the security of systems outside of our control – I understand that last year’s compromise of a government document covering trade negotiations between the US and UK stemmed from a whaling/phishing attack on a government minister’s personal account.
This demonstrates that it is no longer enough to rely on MFA on corporate accounts but that the data itself must be protected, systems like Azure Information Rights Protection can help throw a defence around sensitive documents where-ever they may travel.
The threats are increasingly sophisticated and so business requires a sophisticated cyber resilience strategy as well. This isn’t just about preventing a breach but also having the capability to quickly recover if it does occur.
When multi-national giants like Garmin are apparently paying malware ransoms it speaks not just of a cyber-security breach but also a disaster recovery failure. I’m not for one moment saying that recovery on the scale Garmin will have faced is anything short of incredibly challenging but clearly facing the prospect of having to perform a full disaster recovery operation is no longer planning just for “what if the building catches fire”.
We at ACS have developed a set of cyber security solutions that we believe compliment each other and work together. Our security portfolio is not just a list of products that we sell under the banner of “security”, but a carefully curated model or roadmap that takes businesses and allows them to progressively improve their security stance in an integrated and thought-out way.
Our Security as a Service offering means that having a mature, highly sophisticated cyber-security strategy doesn’t require the mega-budgets of large enterprise organisations, but can be delivered at an affordable per-user-per month basis.
And when it comes to recovering from a disaster if the worst should happen ACS and our sister company Datastore 365 have been building Disaster Recovery as a Service solutions for almost a decade.
By Stephen Harley, Presales Director at ACS