The rise of globally dispersed workforces and new work-from-home requirements are placing extraordinary pressure on every organisation’s security. And wherever there is upheaval, cyber-criminals thrive. Alongside the devastating health and economic impacts of the coronavirus pandemic, we have also seen a huge escalation in cyber-attacks, especially in ransomware, phishing and spear phishing, all of which have increased exponentially. As a result, here in the UK, the average cost of a data breach has grown to nearly £2.7 million, according to IBM research. Additionally, reputational harm can of course be incalculable, which is why it is so important to ensure that data is appropriately handled, classified and stored.
For example, rising email volumes as a result of remote working and the digitisation of manual processes are further escalating this risk, which is particularly poignant as parts of the country face further lockdown measures in the coming days and weeks. Users are operating away from the normal office “look and feel”, and it is easy for them to get distracted by events which would not occur in an office environment; mistakes inevitably happen.
This is where employees play a vital role in ensuring the organisation maintains a strong data privacy posture. For this to be effective, organisations need to ensure that they provide regular security awareness training to protect sensitive information. That said, awareness – both among businesses themselves and their employees – that connected devices are not always secure is relatively low, and businesses need to tackle this head-on. In terms of how they go about doing this, they must invest in end-user training and education programmes. Users are an organisation’s most important resource, and they must be trained so they become a security asset rather than a liability; a critical part of an organisation’s security posture, not excluded due to the associated risks.
A firm must foster an inclusive security culture and ensure users are continually trained so that their approach to security becomes part of their everyday working practice – it should be embedded into all their actions and the ethos of the business. This also puts the onus back on organisations to invest in technologies that help stop the inadvertent and accidental misuse of data.
One way to do this is through data classification tools, which not only help organisations to protect their data by attaching appropriate security labels to the files themselves, but also to educate the user to understand how to treat different types of data with different levels of classification and sensitivity. This means that your data is classified according to its sensitivity and importance to the organisation. Doing this enables businesses to prevent sensitive data leaving the business, either inadvertently or maliciously.
Today, data classification offers an increasingly persuasive answer to help prevent unintended data leakage, and enables organisations to maintain compliance with regulations such as GDPR, HIPAA, CCPA and more. Furthermore, data classification helps to extend the value and effectiveness of wider data security and governance ecosystems – adding new levels of intelligence to data loss prevention and data archiving solutions.
Likewise, attacks on large corporates often begin via their smaller suppliers who may be less well defended. So as businesses expand their ecosystems and work with more suppliers, often blurring the boundaries of the network, it is critical to protect not just users and their devices, but also to protect suppliers and the supply chain ecosystem.
Here at Boldon James, we view data security as an ecosystem where data classification is one of the core tenets and the foundation of any good data security plan. Our data classification solutions enable the automation of many data management tasks to enhance the performance of third-party cyber-security solutions that read the metadata applied during the classification process. This metadata can determine how a piece of data should be treated, handled, stored and disposed of –over its entire lifetime. This ultimately protects the data from any inadvertent or accidental mishandling.
Remote working looks set to be the modus operandi for the foreseeable future, so making sure that you wrap tools around the users and your whole business ecosystem will help to ensure that you don’t become one of the data breach statistics.
To find out more visit www.boldonjames.com
By Adam Strange, Data Classification Specialist, Boldon James