How can CISOs maintain organisational privacy in a technological era?
Cybercrime and digital threats are not only a CISO's concern. Security leaders and safety officers share the anxiety as cyber threats increase across multiple channels such as the web, social media and mobile devices.
These threats are driven by an influx of attacks targeting the technology that has become a core part of our lives. With new technologies continually emerging and millennials entering the workforce every day, CISOs need to be aware of the security risks and challenges facing them, and must constantly test their applications, networks and physical sites to detect new vulnerabilities before cybercriminals do.
Preserving organisational privacy is imperative. CISOs must therefore maintain defences and continually monitor threat intelligence, because employees rarely consider the risks of using technological equipment in the corporate environment. For organisations that do not have a senior CISO (which is the case for most mid-size enterprises), CISO as a Service is essential.
Creative, innovative and entrepreneurial millennials – why CISOs are concerned
According to Thom Rainer and Jess Rainer, authors of The Millennials: Connecting to America's Largest Generation, approximately 78 million births took place between 1980 and 2000. Millennials are therefore making a vast impact on businesses, the workplace, schools and other establishments. They are digital natives, born in the era of the smartphone, able to multitask while being resourceful and pragmatic. Deloitte's annual Millennial (Generation Y) survey projected that millennials would make up 75% of the worldwide workforce by 2025. With millennials forming the majority of the workforce worldwide, CISOs must consider the technological risks millennials bring with them into the workplace, and a vital part of that is knowing what to do to maintain organisational privacy in this technological era.
Technology and its ability to overpower users' privacy
Technology is omnipresent in millennials' workplaces, and therefore in the CISO's work environment as well. Millennials who generate innovative and practical solutions expect business executives, managers and directors to keep up with them so that they can continue to develop and cultivate their skills. However, even though millennials have mastered the technology, they do not always consider the cyber risks and scams that come with it. Their comfort and ease with technology make them complacent, which leaves corporations dealing with numerous security challenges.
Preventing cybercriminals from gaining access to private networks used to mean implementing perimeter defences and continuously monitoring threat intelligence. Today that is not enough. Employees need ongoing security training and cybersecurity awareness if they are to help keep their companies' systems and data free of malware and other threats.
How CISOs and security teams can avoid the risk of employee negligence
An employee's negligence and carelessness with technology increase the insider threats that CISOs deal with daily. Cybercriminals know that employees are prone to falling for scams and use this to their advantage. Risk rises sharply when employees use the same devices and passwords for both personal and professional purposes: one compromised personal account or device then exposes business IT networks, systems and devices. As a result, cybercriminals increasingly rely on exploiting human error rather than breaking in through purely technical means.
CISOs and security teams therefore need to know and monitor which devices employees are using, and take the necessary precautions to secure those devices and reduce the risk.
Five common patterns and trends that CISOs need to focus on to minimise security risks
CISOs need to take note of the following five habits and behaviours if they are to maintain privacy and security within their companies.
1) Phishing scams via email
Cybercriminals regularly use phishing emails to obtain sensitive information such as social security numbers, credit card details and passwords. The emails copy the branding of legitimate organisations such as your bank or university and usually ask you to enter credentials or click a link. The link leads to a spoofed website, and any information entered there is used to commit identity theft. CISOs should deploy secure email gateways to cut the number of phishing messages that reach users, but some will always get through, so staff need to recognise the common signs (a sender address that does not match the claimed organisation, artificial urgency, a link whose real destination differs from its visible text) and have an easy way to report suspicious messages.
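The signs listed above can be checked mechanically before a message reaches an inbox. The script below is an added example and not Stickman's tooling or part of the original article: it parses one raw email and flags a brand name in the display name that does not match the sender domain, a lookalike sender domain (digit-for-letter swaps), a Reply-To pointing elsewhere, failed SPF/DKIM in the Authentication-Results header, and links whose visible text names a different host than the href. The message, the protected brand domain `example-bank.com` and the brand words are all constructed for the demo.

```python
"""Heuristic phishing triage of one raw email message (added example)."""
import re
from email import message_from_string, policy

# Constructed sample, not a real message: lookalike sender domain, mismatched
# Reply-To, failed SPF, and a link whose visible text names the real bank
# while the href points at the attacker's host.
SAMPLE_EMAIL = """\
From: "Example Bank Security" <alerts@examp1e-bank-login.com>
Reply-To: verify@mail-verify-example.net
To: employee@corp.example
Subject: Urgent: confirm your account
Authentication-Results: mx.corp.example; spf=fail smtp.mailfrom=examp1e-bank-login.com; dkim=none
Content-Type: text/html; charset="utf-8"

<html><body>
<p>Your account is locked. Sign in at
<a href="http://examp1e-bank-login.com/login">https://www.example-bank.com/login</a>
to restore access.</p>
</body></html>
"""

BRAND_DOMAIN = "example-bank.com"   # assumed legitimate domain being impersonated
BRAND_WORDS = ("example bank",)     # assumed brand names to watch for in display names

ANCHOR_RE = re.compile(r'<a\s+[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)
HOMOGLYPHS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "7": "t"})


def registrable(host):
    """Last two DNS labels. Good enough here; use the public suffix list in production."""
    labels = host.lower().strip(".").split(".")
    return ".".join(labels[-2:])


def host_of(url):
    """Host part of a URL or bare domain as it appears in anchor text."""
    m = re.match(r"(?:https?://)?([^/\s<>]+)", url.strip(), re.I)
    return m.group(1).lower() if m else ""


def is_lookalike(host):
    """True if host is not the brand domain but, after undoing common
    digit-for-letter swaps, still contains the brand's label."""
    norm = host.lower().translate(HOMOGLYPHS)
    label = BRAND_DOMAIN.split(".")[0]
    return registrable(host) != BRAND_DOMAIN and label in norm


def analyse(raw):
    """Return a list of (check, detail) findings for one raw RFC 822 message."""
    msg = message_from_string(raw, policy=policy.default)
    findings = []

    sender = msg["From"].addresses[0]
    if any(w in sender.display_name.lower() for w in BRAND_WORDS) \
            and registrable(sender.domain) != BRAND_DOMAIN:
        findings.append(("brand-impersonation", sender.addr_spec))
    if is_lookalike(sender.domain):
        findings.append(("lookalike-sender-domain", sender.domain))

    if msg["Reply-To"]:
        reply = msg["Reply-To"].addresses[0]
        if registrable(reply.domain) != registrable(sender.domain):
            findings.append(("reply-to-mismatch", reply.addr_spec))

    auth = str(msg["Authentication-Results"] or "").lower()
    if "spf=fail" in auth or "dkim=fail" in auth or "dkim=none" in auth:
        findings.append(("sender-auth-failed", auth.split(";", 1)[-1].strip()))

    body = msg.get_body(preferencelist=("html",))
    html = body.get_content() if body else ""
    for href, text in ANCHOR_RE.findall(html):
        shown = host_of(re.sub(r"<[^>]+>", "", text))   # strip nested tags
        if "." in shown and registrable(shown) != registrable(host_of(href)):
            findings.append(("link-text-mismatch", f"{shown} -> {host_of(href)}"))
    return findings


if __name__ == "__main__":
    for check, detail in analyse(SAMPLE_EMAIL):
        print(f"{check:24} {detail}")
```

Each check is a cheap heuristic that a gateway or a SOC triage script can score; the point of running them together is that a single mismatch is common in legitimate mail (marketing senders often use a different Reply-To) while several at once almost never are.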
2) The risk of working remotely
Companies often allow employees to work from home because they feel it increases productivity. Employees working from home, however, can expose the business to cyber-crime and attacks, so cybersecurity policies and procedures must cover remote working conditions.
CISOs must manage remote workers and make them aware of the risks remote working poses to company security. Every device used to reach company systems remotely should be checked to ensure that it connects only through a company-managed VPN and that the access points it uses are secured.
3) Using the same passwords
Organisations must have strong password policies in place, and employees should use a different password for every website and security domain. Many employees do not; they reuse passwords, which weakens security because a single leaked password then lets cybercriminals into numerous sites, accounts and stores of confidential information.
CISOs should insist on unique passwords, especially in corporate environments, and have new passwords checked against known-breached lists so that a reused or leaked password is rejected at the point it is set. Restricting employee network access to what each role needs also limits the damage a compromised password can do.
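One way to enforce the "rejected at the point it is set" rule without ever sending the password itself to a third party is hash-prefix k-anonymity, the protocol used by range-lookup services such as Pwned Passwords: the client sends only the first five hex characters of the SHA-1 and receives every matching suffix with its breach count. The code below is an added example, not Stickman's or any vendor's code; the range service is a constructed offline stand-in with made-up counts, and the length rule and sample passwords are assumptions for the demo.

```python
"""Reject reused or breached passwords when they are set (added example)."""
import hashlib


def sha1_hex(password):
    """Upper-case hex SHA-1, the digest the range protocol is keyed on."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


def build_fake_range_service(breached):
    """Constructed offline stand-in for a breached-password range service.

    Mirrors the real protocol: the caller supplies the first five hex chars of
    the SHA-1 and gets back every 'SUFFIX:COUNT' line in that range, so the
    full hash (let alone the password) never leaves the client.
    """
    ranges = {}
    for pw, count in breached.items():
        digest = sha1_hex(pw)
        ranges.setdefault(digest[:5], []).append(f"{digest[5:]}:{count}")

    def fetch_range(prefix):
        assert len(prefix) == 5, "only the 5-char prefix may be sent"
        return "\r\n".join(ranges.get(prefix, []))

    return fetch_range


def breach_count(password, fetch_range):
    """How many times the password appears in the breach corpus (0 if never)."""
    digest = sha1_hex(password)
    prefix, suffix = digest[:5], digest[5:]
    for line in fetch_range(prefix).splitlines():
        if ":" not in line:
            continue
        candidate, count = line.split(":", 1)
        if candidate == suffix:
            return int(count)
    return 0


def evaluate_password(password, fetch_range, min_length=12):
    """Return the reasons to reject the password; an empty list means accept."""
    problems = []
    if len(password) < min_length:          # assumed policy: 12+ characters
        problems.append(f"shorter than {min_length} characters")
    seen = breach_count(password, fetch_range)
    if seen:
        problems.append(f"appears {seen} times in known breaches; do not reuse it")
    return problems


# Constructed sample corpus; counts are invented for the demo.
SAMPLE_BREACHES = {"Password123": 250000, "Summer2019!": 1200}

if __name__ == "__main__":
    service = build_fake_range_service(SAMPLE_BREACHES)
    for pw in ("Password123", "Summer2019!", "ridge-copper-lantern-42"):
        verdict = evaluate_password(pw, service) or ["accepted"]
        print(f"{pw!r}: {'; '.join(verdict)}")
```

Hook `evaluate_password` into the password-change flow of the identity provider or self-service portal; because only the five-character prefix crosses the network, the check can be pointed at a public range service without leaking the password, and the breach count doubles as evidence for the user that the password is one criminals already try.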
4) Social Media
Companies must have social media policies, and CISOs must enforce them. Cybercriminals regularly use social media to gather sensitive and private information, for example details about staff, roles and systems that make a phishing email or phone call convincing. Antimalware and firewall solutions reduce the technical exposure, but employees also need security training so they understand how what they post can be used against the company.
5) IT monitoring
CISOs and security teams must always know what technology employees are using. Without the ability to see and approve what confidential information moves between networks and folders, you are putting the company's sensitive data at risk of being leaked. Tools such as endpoint protection, and web application firewalls in front of internet-facing applications, provide the visibility needed to monitor this.
CISOs must use the tools available to them to minimise the risk of security breaches within the organisation.
Employees' continuous use of technology poses risks to businesses daily, so CISOs and security teams have to monitor these threats and technological trends regularly. Management and employees also need ongoing security training to reduce threats. All of the security risks mentioned can be addressed through continued awareness and knowledge.
At Stickman, we provide fully Managed Security as a Service for Australian organisations aware of some of the risks outlined above, who want to assure organisational privacy and protect both customers and staff. Reach out to us for a confidential discussion, and assessment of your cyber risk.