The rise of digital organisations, and the growing number of devices connected to organisations’ networks, is undoubtedly creating security risks. However, what many organisations don’t realise is the important role employees play in mitigating this risk.
Manuja Wijesekera, pre-sales solutions architect – Fortinet, Wavelink, said, “Given the explosion of hacking-related security outbreaks in the past couple of years and the damage it can do to organisations, it is becoming more important than ever to remember that no matter what technology or security measure is in place, more often than not employees are the first line of defence. It is therefore important to take a multi-dimensional approach to protect your organisation.”
Ransomware, CryptoLocker, DDoS, and botnet attacks are increasingly commonplace in the corporate world.
Manuja Wijesekera said, “Whether it’s mistakes, a lack of understanding of what a suspicious email or content looks like, connecting unsecure devices to the network, or even inside threats from disgruntled employees, organisations are regularly being put at risk.”
Organisations need to mitigate this by making employee engagement part of their workplace culture. This includes making it a part of the onboarding and induction process as well as running regular security programs and awareness campaigns throughout the year. It is also important to make sure security teams are certified wherever possible.
Manuja Wijesekera said, “Employee mistakes are a common cause of security breaches and hackers are using the emotional aspect when trying to entice us to click on a link or open an infected file, hence the need for organisations to foster an environment where an employee can ask questions without being reprimanded or ask for help if they think they’ve made a mistake that might have put sensitive data at risk.”
For small to medium-sized businesses in particular, which may lack the dedicated resources for security, there is a very real possibility they are setting themselves up for a breach.
Manuja Wijesekera said, “The other issue is that many smaller organisations are not willing to invest at all until they have suffered a breach, which is often too late. Their network may even have already been penetrated without them knowing it because they don’t have the systems in place to track it.
“For larger organisations this is less of an issue because security has become a boardroom discussion, and CEOs and other high-level executives are being held to account when it comes to protecting sensitive information.
“Ultimately, all organisations need to look at making security part of their overall culture, and move away from the notion that having a single security device at the edge will make them secure. They should look for solutions and partners that can offer a fabric of security technologies with the importance given to technologies that are able to share intelligence. They also need to have a good governance program in place to maintain and monitor security in real time and an awareness program that includes all employees.”