Jon Fielding, managing director EMEA, Apricorn
If you’ve never heard the term ‘cyber-resilience’ you might imagine something requiring heavy investment of time and resources. However, achieving resilience, even in our brave new world of hybrid workplaces, need not be costly or complex.
Greater cyber-resilience can be developed in just four steps. By taking these steps, all organisations will strengthen their ability to retrieve and restore data, minimising incident downtime. They will also find it easier to mitigate threats and establish their causes, demonstrating transparency and due diligence.
- Mandate offline back-ups
It has become critical that every employee is made accountable and responsible for backing up regularly, both locally and offline, to corporate-approved encrypted storage devices.
Cyberthreats increasingly target the end-user working remotely from a home-based office. In addition, cyber-criminals have begun hitting the backup software and systems put in place as insurance. Ransomware attacks alone rose seven-fold, according to BitDefender’s mid-2020 report.
When backups of important data are stored offline at different physical locations, this maximises the chance of data recovery even if the worst happens. It also supports the ability to thwart ransom attempts, even as ransomware attacks continue to multiply.
- Deploy suitable endpoint controls
Straightforward tools must be made available to permit employees to use their own hardware safely and even give them more control over the management of their own data, especially across the newly complex, increasingly hybrid network.
Cyberattacks increasingly exploit employees for whom data security and privacy is not at the forefront of their minds; many professionals, regardless of rank, now regularly move around with personal laptops that are brimming with sensitive corporate data.
This means we need to consider the roles played by tablets, laptops, desktops and BYOD devices connecting to the network, and then securing them, wherever they are. Deploying the right solutions at the endpoint can allow employees to use their own hardware safely and give them autonomy – assisting operational agility as well as defending against greater risk of cyberattack.
- Encrypt all data as standard policy
The third layer of defence is to mandate universal encryption across all devices and all data, whether it is being stored ‘at rest’ or transmitted to and from sections of the corporate network.
The availability of 256bit ‘gold standard’ AES hardware encrypted desktop drives, portable drives and flash drives makes defending data as well as achieving and maintaining regulatory compliance easier than ever before.
Mandating organisational encryption also functions as evidence that the company adheres to responsible data handling practices, even in the event of an information breach. This in turn can reduce the chance of a heavy financial penalty that falls foul of legislation – for example, the EU’s General Data Protection Regulation (GDPR).
- Acquire full visibility of all data
Finally, ensure your organisation can gain and maintain up-to-date visibility of all data. In these days of disrupted working patterns and behaviours, knowing at all times what information and data you have, where it resides, who is accessing it, and whether it’s been put at risk has become more important.
Being able to monitor and manage your data transparently across BYOD, home or work and on the range of devices currently used, also helps guarantee a rapid response to cyber incidents and data breaches, while ensuring organisations can satisfactorily respond to any regulatory questions. This potentially minimises the degree of liability that results.
As our 2021 Global Security Survey highlighted, many organisations place too much trust in employee data handling rather than founding organisational stance on best-practice – for instance, just 41% mandate encryption of sensitive data. Yet any organisation can be disrupted, especially by a crisis.
Organisations were already transitioning from an often-flawed focus on ‘complete security’ to building resilience to cyberattack but more needs to be done. By prioritising cyber-resilience through the four key actions noted above, there’s less reason to worry about home working or rising threats like fearware, ransomware or any other inventive, yet insidious attacks against systems with which individuals are entrusted.