The proliferation of cyber threats against UK enterprises has resulted in the British government demanding organisations do more to protect their corporate network and the data that sits within it. While the majority of cyber attacks originate from the outside, Julian Cook, Director of UK Business at M-Files Corporation, a provider of enterprise information management (EIM) solutions, highlights the critical importance of businesses also understanding and defending against security risks and threats that originate from within an organisation.
Recently, government research revealed that two-thirds of large businesses in the UK had experienced a cyber breach in the past year, in some cases causing upward of millions of pounds in damage. While the findings strike a chord with widespread trends highlighting the growing threat posed by cyber criminality, the British government also believes organisations should be doing more to protect themselves and their customers.
The research also highlights that only half of organisations surveyed took recommended actions to identify and address vulnerabilities, noting, “too many firms are losing money, data and consumer confidence with the vast number of cyber attacks.” Evidence of this can also be found in other sectors. Recently, a Scottish council was issued an enforcement notice obliging it to implement training and guidance, following the loss of sensitive information surrounding an adoption case. This followed a data breach in 2014 when a laptop containing a child’s medical reports were stolen, despite it being advised on several occasions to implement training as well as ensuring polices were in place surrounding remote working.
The British government believes firms should be adopting its Cyber Essential Scheme (CES); a government-backed cyber security certification programme outlining fundamental best practices for protecting against cyber attacks suitable for all organisations. M-Files agrees with this approach, and Cook also suggests businesses, regardless of size and industry, should take greater responsibility internally for the security of their data, particularly against employees who may be inadvertently putting their company at risk:
“The government’s advice is sensible – cyber criminals are becoming increasingly more sophisticated in their methods and the ramifications for loss of data are severe. It’s not just large enterprises dealing with the consequences of security breaches and the advice highlighted in the CES will go a long way to helping organisations of all sizes address many of the challenges surrounding cyber security.
“Aside from the threats which can come from the outside, organisations must also be vigilant in protecting against internal threats. Well-meaning employees may share files with others inside and outside of the business, via non-sanctioned personal devices, and thus inadvertently put the company at risk by placing sensitive information in the wrong hands.”
M-Files conducted research around the use of personal file sharing apps within an organisation. The findings revealed that 46 per cent of respondents confessed to having stored confidential business information on personal file sharing apps. 70 per cent stated that its company did not have policies in place around using personal file sharing apps at work, or were equally unaware of them. It was also reported that 25 per cent of respondents said their business experienced data loss, security breaches or loss of control over documents from employees using personal file sharing and sync tools. Cook has advice for those looking to address the threat from within:
“As always, education is essential. Ensuring employees understand the dangers of using their personal apps at work and how this can expose the company to security breaches must be the first port of call. By raising the awareness among employees about the risks, organisations can help to reduce their exposure to information security breaches and data loss.
“Additionally, easy-to-use, enterprise information management (EIM) solutions enable employees to quickly and efficiently access and share files, whilst the IT department is provided with a secure system for protecting information assets. The ideal environment for information management is one thatenables a more collaborative workplace with easy sharing capabilities that enable access to content from anywhere, at any time and on any device. This approach also helps avoid the security and compliance threats associated with using personal file sharing and sync tools.
“By heeding the advice of the government and recognising the risks of internal threats, businesses of all sizes and industries can better ensure that their information is safe and secure.”
[su_box title=”About ” style=”noise” box_color=”#336588″][short_info id=’71016′ desc=”true” all=”false”][/su_box]
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.