By Gibu Mathew, VP and GM, APAC, Zoho Corp
Cybersecurity threats are not only growing in number, but they are also becoming more sophisticated. Despite this continually evolving threat, EY notes in a recent report that more than half of organizations worldwide do not prioritize protection efforts within cybersecurity budgets. This is especially troubling in Southeast Asia (SEA) where cybersecurity preparedness levels are scattered along the spectrum from underdeveloped to advanced, a fact that hackers are exploiting.
In order to prevent the most successful types of breaches — phishing and malware — companies need to be more proactive in protecting the network and the valuable data it contains. IT departments can begin to ensure the safety of data by taking these five steps.
Ensure that cloud and application vendors are following data security best practices.
The responsibility for securing information does not end when it is transferred to the cloud. As a result, it is critical to choose software and platform providers who take security seriously and have developed a comprehensive set of practices, technologies, and policies to help ensure the data is secure. That means selecting providers that have security certifications such as ISO/IEC 27001 and SOC 2, provisions for redundancy and business continuity, network security, and protection measures for data centers.
Offer cybersecurity training to employees.
According to the latest Global Encryption Trends study, employee mistakes are considered a greater threat to data security than external hackers and malicious insiders. This underscores the urgent need to train employees in appropriate ways to handle company information, particularly as many organizations are employing more remote workers. Conveying simple tips, such as resetting the passwords of all other online accounts when prompted to change a password on one site and using unique passwords for each site, can go a long way in preventing security breaches. As PwC notes, training and educating employees to “act as the first line of defense” will help to reinforce the organization’s cybersecurity efforts.
Ensure the security and privacy of information in the cloud.
In any business, vast amounts of confidential files are sent and received each day. Cloud storage can help keep these files within a more controllable data boundary, which helps an organization maintain the confidentiality and security of the data. For example, IT departments could use online file management software that lets them restrict documents from being shared outside the organization, specify which users can access sensitive information based on their IP addresses, or cause a publicly shared file to expire after 30 days. This level of control can be an additional layer of safety for the company’s confidential files and for highly sensitive parts of the business like Legal, HR, and Finance, because it makes it unnecessary for an employee to download the document to a local device.
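The three controls named above (no sharing outside the organization, IP-based access to sensitive files, public links that expire after 30 days) can be combined into a single access decision. This is an added illustrative example, not code from any product; the domain `example.com`, the network range and all field names are assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network
from typing import Optional

ORG_DOMAIN = "example.com"                        # assumed organization domain
SENSITIVE_NETS = [ip_network("203.0.113.0/24")]   # assumed office/VPN range
PUBLIC_LINK_TTL = timedelta(days=30)              # expiry period from the article


@dataclass
class Document:
    name: str
    sensitive: bool = False
    public_link_created: Optional[datetime] = None  # None means no public link


def can_access(doc, user_email, source_ip, now):
    """Return (allowed, reason) for one access attempt.

    user_email is None for an anonymous visitor following a public link.
    """
    if user_email is None:
        # Sensitive files never get a usable public link.
        if doc.sensitive or doc.public_link_created is None:
            return False, "no public link"
        if now - doc.public_link_created > PUBLIC_LINK_TTL:
            return False, "public link expired"
        return True, "public link"
    # Signed-in users must belong to the organization.
    if user_email.rsplit("@", 1)[-1].lower() != ORG_DOMAIN:
        return False, "outside organization"
    # Sensitive files are additionally limited to approved networks.
    if doc.sensitive and not any(ip_address(source_ip) in net for net in SENSITIVE_NETS):
        return False, "ip not allowed"
    return True, "member"
```

The checks run deny-first, so a sensitive document is refused to anonymous visitors even if a public link was created for it by mistake.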
Focus on the strength of company passwords and employee credentials.
Having passwords to protect access to the network and information is a given, but if these passwords are easy for hackers to guess, the team’s protection efforts are wasted. Tools that help IT teams generate strong passwords and identify weak ones can help eliminate weak passwords, strengthen the security of online accounts, and protect data from cybercriminals. Documents shared outside of the organization can also be password protected, so that files are delivered safely, and equipped with an expiration date to make the password invalid after a set period of time. As a standard best practice, ensure employees use and change passwords for cloud business products even when the software service itself does not mandate it.
Make a protocol for how the organization controls and manages passwords.
Organizations should also consider an online password manager to manage all of the organization’s passwords effectively. Although passwords are not meant to be shared, business requirements often demand selective sharing of passwords with others. This can pose a risk if employees leave these passwords on sticky notes or in personal email, because the passwords may give access to privileged information. IT departments should clearly define password ownership internally and enlist the help of software solutions to create audit trails when a shared password is used. Alerts should also be sent to the owner of the password or the IT department leader when the passwords of sensitive resources are accessed. At any point, IT administrators should have a clear picture of who is accessing which passwords.
Additionally, automated solutions can help employees safely share passwords with colleagues as needed. The organization’s IT policy on password usage should be strictly enforced. Solutions are available to help IT departments securely store passwords in a centralized vault and share passwords in a completely invisible manner, for example through a web interface using browser plugins.
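The audit trail and owner alerts described in this section, reduced to a minimal review of a vault's access log. This is an added example, not the behaviour of any particular password manager; the log format, user names, resource names and the `it-lead` fallback account are constructed for illustration.

```python
import csv
from collections import defaultdict
from io import StringIO

# Constructed vault audit log: timestamp, user, action, resource
AUDIT_LOG = """\
2024-03-01T09:02:11Z,alice,retrieve,prod-db-root
2024-03-01T09:05:40Z,bob,retrieve,wiki-admin
2024-03-01T23:41:03Z,carol,retrieve,prod-db-root
2024-03-02T10:15:27Z,bob,share,wiki-admin
"""

# Assumed ownership register: resource -> (owner, is_sensitive, approved users)
OWNERS = {
    "prod-db-root": ("dave", True, {"alice"}),
    "wiki-admin": ("erin", False, {"bob", "alice"}),
}


def review(log_text, owners):
    """Return (who accessed which password, alerts as (recipient, message))."""
    accessed = defaultdict(set)
    alerts = []
    for ts, user, action, resource in csv.reader(StringIO(log_text)):
        accessed[resource].add(user)
        # A password with no registered owner is treated as sensitive and
        # escalated to the IT department leader.
        owner, sensitive, approved = owners.get(resource, ("it-lead", True, set()))
        if user not in approved:
            alerts.append((owner, f"{ts} {user} {action} {resource}: not an approved user"))
        elif sensitive:
            alerts.append((owner, f"{ts} {user} {action} {resource}: sensitive resource accessed"))
    return dict(accessed), alerts
```

The first return value answers "who is accessing which passwords"; the second is the list of notifications to route to each password's owner.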
While cyber threats do not appear to be abating in the near future, IT administrators and teams can be proactive in protecting valuable and sensitive company data. Online, cloud-based solutions can aid teams in managing enterprise passwords, monitoring employee activity, and securing documents shared with other employees and external partners, in a layer that is akin to being the operating system for a business. Taking these steps will ensure that companies are prepared for the barrage of breach attempts they face daily, and can quickly identify and trace attacks when they happen.