Story image

Why you should let employees step forward in fight against cybercrime

07 Aug 17

Employees may be one of the biggest security risks, but also an organisation’s major strengths.  Many firms don’t realise that employees can help mitigate risk.

Familiar names such as CryptoLocker, DDoS, botnet attacks and ransomware are now commonplace in the common world. Manuja Wijesekera, pre-sales solutions architect - Fortinet, Wavelink, says it’s about taking a multi-dimensional approach to protecting organisations.

“Given the explosion of hacking related security outbreaks in the past couple of years and the damage it can do to organisations, it is becoming more important than ever to remember that no matter what technology or security measure is in place, more often than not employees are the first line of defence,” Wijesekera explains.

He says risks can come in the form of mistakes, being unable to identify a suspicious link or email, connecting unsecure devices to the network, or even insider threats, this should all be considered when coming up with a mitigation strategy.

 “Employee mistakes are a common cause for security breaches and hackers are using the emotional aspect when trying to entice us to click on a link or open an infected file, hence the need for organisations to foster an environment where an employee can ask questions without being reprimanded or ask for help if they think they’ve made a mistake that might have put sensitive data at risk.” 

He says that organisations should make employee engagement as part of their workplace culture, from the onboarding and induction process, as well as regular exercises and awareness campaigns throughout the year. Those in charge of security should also be certified.

That may not be so easy for small- and medium-size businesses. They don’t have the dedicated resources, and are ‘setting themselves up for a breach’.

“The other issue is that many smaller organisations are not willing to invest at all until they have suffered a breach, which is often too late. Their network may even have already been penetrated without them knowing it because they don’t have the systems in place to track it,” Wijesekera explains.

He says that it’s less of an issue because security involves CEOs and other high-level executives, especially when they are being held accountable for protecting sensitive information.

“Ultimately, all organisations need to look at making security part of their overall culture, and move away from the notion that having a single security device at the edge will make them secure. They should look for solutions and partners that can offer a fabric of security technologies with the importance given to technologies that are able to share intelligence. They also need to have a good governance program in place to maintain and monitor security in real time and an awareness program that includes all employees,” Wijesekera concludes.

How blockchain will impact NZ’s economy
Distributed ledgers and blockchain are anticipated to provide a positive uplift to New Zealand’s economy.
25% of malicious emails still make it through to recipients
Popular email security programmes may fail to detect as much as 25% of all emails with malicious or dangerous attachments, a study from Mimecast says.
Human value must be put back in marketing - report
“Digital is now so widely adopted that its novelty has worn off. In their attempt to declutter, people are being more selective about which products and services they incorporate into their daily lives."
Wine firm uses AR to tell its story right on the bottle
A Central Otago wine company is using augmented reality (AR) and a ‘digital first’ strategy to change the way it builds its brand and engages with customers.
DigiCert conquers Google's distrust of Symantec certs
“This could have been an extremely disruptive event to online commerce," comments DigiCert CEO John Merrill. 
Protecting organisations against internal fraud
Most companies tend to take a basic approach that focuses on numbers and compliance, without much room for grey areas or negotiation.
Telesmart to deliver Cloud Calling for Microsoft Teams
The integration will allow Telesmart’s Cloud Calling for Microsoft Teams to natively enable external voice connectivity from within Teams collaborative workflow environment.
Jade Software & Ambit take chatbots to next level of AI
“Conversation Agents present a huge opportunity to increase customer and employee engagement in a cost-effective manner."