The guide to workplace security
Organisations both large and small are striving to understand their people better so they can give them more opportunity to be productive and put into their hands the technology that they need, and are familiar with in their daily lives. That kind of tech is good morale and productivity, and is great for a company’s bottom line.
There’s an ulterior motive, too. If your business fails to keep pace with innovation, you’ll ultimately be left behind.
It was in last year’s, rather than 2019’s ‘O2 Future Trends’ report, that the futurist Graeme Codrington said: “Within two years, if you are not mobile-first (which naturally implies cloud-first) you might be too far behind the curve to catch up… We can expect that tomorrow’s employees will expect to be able to use the same level of technology at their workplace as they do at home. That means mobile-first, AI, natural language processing and staying always connected.
“We joke about how Wi-Fi should now be the foundation layer for Maslow’s Hierarchy of Needs. But the time is coming when transport, work, medical treatment and civil liberties are all so reliant on the internet that connectivity will be as much a human right as running water and electricity. Now is the time to seriously question the legacy IT investments that are holding you and your people back, because waiting is a costly game. Implementation cycles are being shortened from five years to five months, because of the risk of obsolescence over time.”
A landscape of growing threat
Sadly, as companies empower their people more and unlock the good that the cloud and mobile advancements have to offer, there are those out there using the self-same technologies for their own ill gains.
“In 2017 hackers made a lot of easy money and caused huge disruption as a result of UK business missing the basics when it comes to securing data. Most of the breaches I read about in the press could have been easily prevented by taking a more proactive approach to cyber security and following the government’s guidelines,” wrote Dean Thomson, cyber security specialist at O2.
Whether it’s ransomware, malware, cyber crime, physical theft or something else – it feels like a new threat emerges every day. The media is littered with horror stories about data breaches, security blunders and tech tales of woe, so how can you avoid being next – and keep your people happy?
Follow the money
Security is big business. Analyst firm IDC predicts spending on security software, hardware and services will reach $120 billion by 2020. That’s a lot of money going towards fighting a real and growing problem.
“Three overarching trends are driving security spending: a dynamic threat landscape, increasing regulatory pressures, and architectural changes spurred by digital transformation initiatives,” said Sean Pike, IDC’s Security Products and Legal, Risk, and Compliance programme vice president.
Ultimately, the more we adopt mobile technology in our personal lives, the more we’ve come to expect these same technologies to make our lives easier when we’re at work. Implement technology in the right way and businesses should see a positive outcome across the board.
“Digital workplaces are good for employees, good for customers and good for profits.” said Emma Thompson, Head of Technology and Telecoms Business Partnership Team, UK Government Cabinet Office in O2’s Futures summary 2019.
Of course, there is no one-size-fits-all solution for digital transformation. It means different things to different businesses, but one aspect that’s fundamentally important is security. For instance, an organisation that becomes mobile first will need an agile infrastructure to allow its people to work and collaborate from anywhere.
This also requires end-to-end security, with each part of a company secure – whether that’s a server at head office or a member of staff using a work smartphone on an overseas business trip.
A big problem for business of all sizes
Whether you’re a large or small business – or any size in between – security has to be front of mind. Like taking out an insurance policy you hope you never need, it’s a must.
It’s a dilemma. Ultimately, we need technology. Its benefits far outweigh any negatives and it makes a very real difference to businesses and individuals alike.
However, in order to reap the rewards rather than be exposed to the risks, we have to tread carefully. To help, here is our guide to what you really need to consider when it comes to workplace security.
Do the following…
Do: Utilise two-factor authentication
Many employees actually like two-factor authentication as it helps if they forget their passwords as well as protecting what the company holds dear. By ensuring two verification steps need to be followed before granting access, you are reducing the chances of unauthorised access.
“Two-factor authentication may not be quite the security silver bullet it was once thought to be, but it’s still an important area of security and access control to keep in mind when obtaining and setting up services for your business or personal life,” according to an IT Pro article on the subject.
“The more hurdles you can put in the hackers’ way, the less likely they are to target you.”
Do: Look at both WAN and LAN
Devices that have connectivity can become dangerous in the wrong hands. That’s why it’s so important to focus on all network security elements – from LAN to WAN and beyond.
O2 was the first mobile operator to achieve CAS(T) certification (the government standard for secure communications), to validate the financial and human resource effort placed into security to protect the businesses that rely on it.
Do: Embrace behavioural analytics
By taking advantage of Big Data platforms and sophisticated technologies such as Machine Learning, behavioural analytics looks at user activity to try and identify and stop insider threats. For example, employees who are able to interpret behavioural analytics can spot potential security breaches by looking at who is accessing various network assets, how often and what devices they are using to communicate with.
Do: Focus on endpoint protection
The majority (around 70%) of businesses in the UK still rely on signature-based detection to fend off malware and ransomware attacks, according to O2’s Dean Thomson. This, simply, isn’t good enough, he says.
“It’s time to deploy next generation endpoint protection that uses behavioural analysis to detect and stop malicious activity. This technology will also go a long way in helping to protect against chip based exploits such as Meltdown and Spectre,” Thomson added.
Do: Ensure you focus on the knowns and unknowns
Hindsight is a wonderful thing and it’s easy to try and learn from what’s happened in the past to try and affect what may happen in the future. But, while it’s good to learn from experience, organisations must remember that the threats that expose our weak spots need the same amount, if not more, attention.
Do: Embrace evolving behaviours
With new threats emerging all the time, it’s important not to stand still when it comes to security. Be prepared for every possible eventuality and respond accordingly.
The most dangerous threats to your business are the ones lying dormant waiting to activate. There’s no place for complacency when it comes to workplace security. And, while people are your biggest and best asset, where security is concerned, they are also your biggest allies.
Don’t do the following…
Don’t: Shut people out
People need to feel valued and listened to. And there’s no greater way of showing you’ve been listening than answering their needs. So when you’re implementing any new technology, don’t do it without first talking to those who will end up using it. Get your people on board early on to help educate them on being security aware.
Don’t: Get the balance wrong
When it comes to accessibility boundaries and rules, there needs to be the right balance between tech security and tech freedom. Use it in the right way, tailored to how people work – with the right security in place – and technology can help unlock employees’ potential.
Don’t: Allow unauthorised devices on the company network
In the same way you wouldn’t allow any uninvited guests into your house, the same goes for your business. Many larger organisations may have this covered, but if a smaller business is keeping an eye on costs then unauthorised devices could slip through the net. In this case, ensure you maintain an audit of company issued devices as well as making sure employees understand the responsibility they hold every time they connect their personal devices to your corporate network.
Don’t: Think you can do it alone
No one really understands your business as well as you do, but you’re not expected to have all the answers. That’s why it’s important to work with your trusted partners to reinforce your defences. When it comes to security management, a third-party engagement can make a great deal of sense.
“Don’t waste money on trying to build and tool your own Security Operations Centre, instead outsource the problem to the experts,” according to Thomson.
“The costs for managed security services have come down considerably in the last year and it is far more secure to use a SOC that can see threats that are not just targeting your own business. There’s strength in numbers. We’re here to help if you need us.”
Technology is only one part of the puzzle when it comes to effective security; but ultimately, your people are the best defence. That’s why it’s important not only to educate employees on all the dangers, but also get them onside with your security strategy.
“Don’t let’s talk about the technology as if it’s the technology’s fault that we’ve
gotten better or worse at anything. It’s about how we choose to use the tools we’ve got,” Codrington added.
A business’s biggest asset is its people, and equipping them with the right technology to unlock their productivity is key. If an organisation and its people are always going to be connected, they need to be able to work on any device, collaborate with colleagues and access data and apps securely wherever they are.
When it comes to security, it’s often said, that you’re only as strong as your weakest link. So, make sure you strengthen those defences and continue to invest in them as the threats evolve. Together, it’s far easier to stand up to the many against threats and stop them rather than taking them on alone.