We all know exactly why more people have been working from home over the past year. We also know that it is technology that has stepped in to enable companies to function and communicate.
However, perhaps what we like to think about less is how vulnerable this has made us to cyber-attack – this applies to Governments, large corporations, SMEs, and individuals. The scammers are having a field day and, if they can breach institutions like the NHS, the Pentagon and even compromise Microsoft’s software, it means that none of us is safe.
The financial outlay involved in protecting our businesses from cyber-attack is only one aspect; people need continually to be trained how to use the kit and what to watch out for from the invaders. As one expert put it, the reality is that every employee is now a “digital employee”, every business endeavor “has a technology component” and every budget is “an IT budget.”
We are all having to learn a new language. Terms like ‘ransomware attacks, the cloud and cyber clusters’ are examples of a vocabulary that most of us would not have recognised only a few years ago. However, experts warn that despite all the ultra-sophisticated technology coming on stream, if there is a security breach it is most likely to occur in the basic mailbox (e.g., Office 365) because of the huge increase in online remote working volumes. It turns out that the most common technology is also our weakest link.
The fact is, digital literacy is non-negotiable, starting from the Boardroom and extending to every employee. It means that someone senior must be made responsible for information security in every company regardless of its size. Delegating such a vital role to a junior member of staff is only asking for trouble.
In her maiden speech, the new CEO of the National Cyber Security Centre (NCSC), Lindy Cameron, said: “Cyber security is still not taken as seriously as it should be and simply is not embedded into the UK’s boardroom thinking.”
Some of the warnings are scary, but advice is readily available, and guidelines do exist (from the NCSC for example). Speaking for ourselves and having taken the decision to upgrade our IT structure prior to the pandemic, UnitBirwelco is already a cyber essentials certified company. Nevertheless, we must constantly engage our staff in training about phishing and scam-emails because we know that time is unlikely to stand still. We also know that burying your head in the sand is no defence against a problem that is not going away.