As we head into 2024, businesses face the challenge of implementing a hybrid workplace. And that means knowing how to navigate cybersecurity threats in a cloud-based IT system.
A spate of high-profile data breaches does little to settle the nerves of C-suite decision-makers. The latest threat to be exposed is the Log4j apocalypse which could impact t millions of AWS, Google and Microsoft users.
If you only take one thing from this article, let it be this. You can’t rely on out-of-the-box cybersecurity tools as your only line of defence. Hackers use a barrel of tricks to breach IT networks – and that means you have to have multiple layers of protection in your cybersecurity strategy.
Given that businesses are obliged to comply with data protection compliance, implementing adequate cybersecurity defences should be a priority in 2024. One study reveals that 60% of businesses that suffer a data breach close within six months.
Correct Cloud Configuration
A misconfigured cloud poses a major risk for a cybersecurity breach. Cloud configurations that have not been set up properly are cited as one of the most five common reasons for a data breach.
Configuring cloud servers and software can be a problem for companies that do not have in-house IT professionals with cloud expertise. Cloud environments are complex and require specialist knowledge to manage.
A prime example of misconfigured clouds is failing to add user permissions. These give your employees the right to access certain applications or files. Anyone without permission will be blocked.
Because hackers can steal login data, it would be easy for them to access any file they like on your IT network. However, with access permissions in place, they would have to get through another layer of security.
It’s also worth remembering that data breaches are not just an outside threat. Although rarer, the threat can come from within side your company; either through corporate espionage out a disgruntled employee looking for revenge.
Third-Party Privacy Settings
Privacy settings give you control over how and who you share your data. In accordance with data protection laws, you have the right to decide who you share sensitive data with and if you’re working with outside contractors there may be some project information you need to share with them.
It may also be the case that you are using third-party software that stores data authorised by end-users. Payment gateways on e-commerce websites, for example, provide businesses with the email address, and sometimes the physical address of a customer.
The problem for businesses is that data then becomes your responsibility to protect. The information is in your database and if it is stolen by malicious actors, the Information Commissioner Office that enforces GDPR penalties comes down on you – not the payment gateway.
You, therefore, need a strategy that enables you to protect customer information. Cybersecurity experts Kaspersky recommend implementing specialised tools and checking the configuration settings on a regular basis to ensure they cannot be accessed by your employee without the relevant permissions.
Strong Passwords and Multi-Factor Authentication
The majority of data breaches are down to human error – and a principal culprit is weak passwords. A study by Verizon found that 85% of breaches could have been avoided if end users had a stronger password.
Hackers use sophisticated software and techniques that unscramble weak passwords. And according to cybersecurity companies, weak passwords can be decided relatively easily. Most business software on the market today uses a random-generated password function. This is arguably the safest way to create a password because they incorporate a selection of letters, numbers and symbols.
The only issue with randomly generated passwords, however, is they are not memorable. End users need to write them down and keep them stored in a safe place. Disorganised employees find this frustrating because they constantly lose their passwords.
The best option is for ensures to create a memorable password in the guide of a random-generated password – that’s to say, a password that uses a series of letters, numbers and symbols; but one they can remember. For example, if they take a saying or a phrase they can remember, it can be spelt out by substituting some of the letters for numbers. For example, remember this password! would look like this: R3m3mb3rTh!5Pa55w0rd!
A backup strategy for passwords is multi-factor authentication, sometimes called two-way authentication. This technology seeks to verify the identity and the location of the user attempting to log in by sending an access code to their mobile phone.
Anti-Malware Software
Anti-virus software is your first line of defence. This sophisticated cybersecurity solution runs in the background of a computer and detects suspicious activity and isolates malicious code that is known to be used by hackers.
The majority of cyberattacks are captured by anti-malware software. That’s how effective they are. However, they are not 100% invulnerable. The number of high-profile data breaches is a testament to that.
However, there is good news. High-profile attacks typically stem from state-sponsored hackers or malicious actors that are covertly embroiled in a corporate espionage strategy. Needless to say, these crack-hackers are at the top of their game and will not be interested in 99% of companies.
Cybersecurity Awareness Training
Other than targeted companies, the only other firms that suffer data breaches are companies that do not have an adequate cybersecurity strategy or an accidental leak was caused by a careless employee.
For example, a company sending an email to multiple parties is no longer permitted to include the email addresses of all recipients in the cc field where it would be seen by everybody. Emails must only be inserted in the bcc field.
Businesses have an obligation to provide their staff cybersecurity awareness training. Your workforce must know how to detect phishing attacks, how to protect sensitive data and what steps they should take when suspicious activity is identified.
Leading London-based IT support firm, Micro Pro also recommends modifying your internal reporting strategy periodically. Companies that can show the ICO they are proactively doing everything they can to prevent a data breach are more likely to be shown more leniency.