By: Robert Rutherford, CEO, QuoStar
Even when COVID-19 stops dominating our headlines, the changes the pandemic has brought to your workplace will remain. The ‘hybrid model’ in particular is a buzz phrase you’ll soon be hearing a lot. It means employees split their time between the workplace and a work from home (WFH) setup, and according to McKinsey, some 90% of businesses will permanently implement a hybrid work model in the coming years.
Businesses that embrace the hybrid model will enjoy improved staff wellbeing and can also expect greater staff retention and better levels of productivity. However, despite their intention to go hybrid, almost seven out of 10 businesses have no plan on how to do so.
This leaves businesses dangerously vulnerable to new cybersecurity threats. Cybersecurity is an even greater challenge for small to medium-sized enterprises (SMEs) which working with smaller budgets, smaller IT teams, and without the expert advice available to big corporations.
So how do you protect your business from data breaches that could cost you millions of pounds and irreparable damage to your brand?
Train your employees to identify and respond to cybersecurity threats
Any cybersecurity professional will tell you that the weak link in a company’s defences is its employees, with some 90% of cyberattacks linked somehow to human error.
However, those employees are also the first line of defence, which means they can also be a valuable asset in protecting your business. But employers need to make sure they are equipped to perform this role.
An introductory training course or company guidebook given to staff to read their own time are no longer enough. Staff need regular training to stay alert to new threats. You already perform fire drills in case of an emergency, and you should practice cybersecurity drills so that everyone knows how to respond to a data breach. Staff should develop muscle memory for spotting threats like DDoS attacks, phishing attacks, and ransomware, and this can only be achieved through training and reinforcement.
Finally, it’s important to practice good communication with your team in order to spot mental health problems like isolation, burnout, or stress. When teams are away from the workplace these issues are harder to spot. Aside from promoting a happier workforce, it’ll mean your staff are more alert to security threats.
Ensure both your workplace and employees’ homes are equipped with secure and up-to-date software
First, perform a security audit of your infrastructure and identify all your vulnerabilities.
Even if a business had good security before the pandemic, its previous measures may no longer protect it, with staff accessing internal networks from around the world. It’s also important to identify the most valuable data – after all, this is what hackers will most want to steal.
Your workplace may be cyber secure, but your employees’ homes might not be. The majority will have purchased their home devices without thinking they’d have to use them for work.
They may be working on unsecured networks, click a malicious link, or have their laptops exposed to malware. And it takes just one infected device to log in to your corporate network and then your system is compromised.
As a minimum, there are several forms of software and programmes that all your team should be working with:
- Two-factor authentication – most breaches are a result of weak or stolen passwords so provide an extra layer of security to login into your network
- A VPN – you must create a secure and encrypted network for your employees to use
- A secure password manager – everyone should use unique passwords that are regularly updated
However, you can buy the most expensive and secure security programmes on the market and your money will be wasted if your team doesn’t know how to use them. Training is important, but programmes should also have an easy-to-use interface that doesn’t hinder productivity.
Remember, your business is still liable even if your data is stored with a cloud provider
Cloud-based providers have made the transition to a hybrid model seamless for many businesses. They offer flexibility, scalability, and lower costs, all of which not only benefit a business in the short-term, but enable longer-term development too.
However, some 83% of business owners believe that a provider is responsible for protecting clients’ data, and this could be a costly mistake – your business is always liable for your clients’ data.
So, if you are trusting your data storage to an external provider, it’s important to ask the following questions:
- Have they been independently audited?
- Are they compliant with the latest regulations?
- Do you know what technologies they use?
An IT support service can look after all your cybersecurity needs
There are 65,000 attempts to break into small to medium-sized enterprises (SMEs) every day, and around 4,500 are successful.
Each of these data breaches costs a UK business an average of £2.99 million, but it’s not just security costs you’ll be paying. There are legal fees to be paid, the business could lose of brand equity and trust, and there will be lost productivity from your team while your systems are down. But the damage to your brand may be the costliest of all. Some 41% of consumers say they will not return to a business if it suffers a security breach.
A good IT support company should provide a tailored service and guarantee that your business is compliant with all the latest regulations. Security experts should be available 24/7 to respond to cybersecurity threats before they become a critical problem. Importantly, the right firm will work in close cooperation with your internal team – co-sourcing means that you have access to leadership-level experts, acting as part of your team, but at a fraction of the cost of a permanent hire. For SMEs, this is the best option to ensure that they are protected.