IT and remote working 10 Jun 2020 Article from Association Now Magazine:
There wasn’t a lot of time when the COVID-19 crisis began for companies to prepare.
Suddenly within about 5 days, 75 percent of employees starting working remotely, according to Cybersecurity Insiders and Pulse Secure. But what about the implicatin for security? of data and devices?
Most people took off the shelf solutions.
A study of 400-plus IT security decision makers found that more than half of respondents (54 percent) had less than a week to prepare, and a third weren’t sufficiently prepared for such a shift. That led to solutions such as antivirus/anti-malware (77 percent), firewalls (77 percent), virtual private networks (66 percent), and multifactor authentication (66 percent) finding quick use, according to the report.
“Beyond potentially impacting user productivity, this emergency workplace shift and rapid need for remote work capacity threatened IT infrastructure, business continuity and information security,” wrote Cybersecurity Insiders’ CEO and founder, Holger Schulze, in the report.
There were, of course, other concerns for IT pros as well, with issues of training (59 percent), home network security (56 percent), and use of personal devices (43 percent) ranking near the top.
The mixture of concerns—along with the growing likelihood of an increased reliance on work-from-home by employers—is leading IT executives to take a close look at their budgets. More than half (55 percent) estimate that their organization’s workforce security budgets will increase over the next year, likely reflecting the fact that a third of organizations expect some employees to move to a remote environment permanently.
“Beyond offering a wake-up call for emergency preparedness, the findings indicate a strong likelihood of organizations permanently extending work-from-home flexibility and advancing secure access capabilities,” explained Scott Gordon, Pulse Secure’s chief marketing officer, in a news release.
SMEs must do better Jun 2020
I was reading a great article from a US author this week asking the question, why are small businesses ignoring cyber threats. Jennifer Keltz stated that "SMBs can take steps to increase their cyber resilience and boost their chances of success. Owners should lead by example and pay attention to their employees’ online habits. They can demonstrate good cyber hygiene and teach their employees to do the same."
We all know this, but why are so many Owner/ Managers leaving their data protection and cyber security to chance?
We know that more is spent on security measures after a breach - reponsive not proactive, horses and stables etc etc.
Jennifer goes onto say: "Owners should identify business-critical assets and data to prioritize their protection. They should be proactive, rather than reactive, when planning protection against cyber-attacks."
So how do we, in the Data Protection / Cyber Security world help to convince Small business owners, that a stitch in time, saves nine?
What are the issues that stop them investing?
Head in sand syndrome?
Cyber Security and Trust Apr 2020
Many of us are working on making online identities secure and verifiable, and also empowering people to find out who has their private data, how accurate that data is, what they are doing with it and how to ensure the individual has given explicit consent for any such use. There is a lot of data; Medical, Financial, Social.
Technology is an important part of the solution. But the elephant in the room is that much sought after, yet elusive quality – trust.
Individually we may know and trust a small circle of friends and colleagues but equally we may not. It is very difficult to really understand how people will behave today and, as circumstances change or become more difficult, how they will behave tomorrow. It is possible to work for an “ethical organisation” and do unethical things. There are a number of cases where even close business colleagues have been surprised by the sometimes criminal behaviour of people they thought they knew well.
In the same way there are trusted intermediaries looking after and transferring currencies and other financial assets i.e. banks (including PayPal, Monzo, Western Union etc); there will likely need to be “Data Protection Banks” i.e. trusted third parties with a licence from e.g. Govt Information Commissioners or similar to hold and transfer personal data under the consent of the individual. This organisation would also hold a central register of the consents given, who data has been transferred to and what they are doing with it. This will be in addition to organisations compliant with the General Data Protection Regulation. Even Facebook and Google don’t know everything about you (though they are trying) i.e. all your accounts, assets, IDs, documents, property, health info etc.
Who would we trust with all this information and how would such a “Data Protection Bank” look? Could it be an app on the phone? Does it need to be run by a Govt agency? Who would you trust?
Questions for next time…