editor’s question
RIAAN
BADENHORST, GM
OF KASPERSKY
IN AFRICA
C
ybercriminals’
tactics have grown
in sophistication
and at an alarming
rate over the
last few years.
Threats are
becoming more targeted and specific
with advanced threat actors being used
to carry out damaging attacks. Our
research shows that threats will only
become more targeted and dangerous
in 2020. No one business is immune
to this reality and threat – especially
as businesses – and their employees
continue to operate and conduct daily
work operations in the digital landscape.
While the evolution of technology and
all things digital has reshaped and
revolutionised the way people work and
conduct business today, the digital world
beings with it risks that businesses need
to be aware of and prepared for.
One such risk is that of a lack of
sufficient password protection. Various
28
types of technologies, devices and
accounts are used to carry out work
tasks and to communicate on a daily
basis. Many of these aspects become
people’s lifeline both in a personal and
professional capacity – just think about
email as an example. In fact, it is rare to
find someone who doesn’t feel somewhat
lost or unproductive if they don’t have
access to their laptop, smartphone
device or emails throughout the day.
As these devices and accounts become
more entrenched into daily life, so they
continue to exchange and store an
increasing amount of data – and often
very valuable data, including business
critical and sensitive information. If
these devices and/or accounts are
not adequately protected and do not
have strong passwords, they are at
an increased risk of cybercriminal
attacks, which if happens, could lead to
devastating consequences for a business.
Password protection and password-
based strategies must be a top priority
for businesses driving forward a digital
approach and with this must form a core
part of any strong cybersecurity policy.
The following practical steps to effective
password protection within a business
can be considered:
• Consider the role of human error:
Research shows that 80% of all
cyber incidents are caused by
human error. Businesses need to
onboard staff training around the
realities of cyberthreats, how data
can be at risk and how staff can go
about protecting the organisation’s
business data as well as how to
go about setting strong passwords
as required for various devices
and accounts.
• Security awareness training: In
considering the above, minimising,
or hopefully eliminating, the potential
human error aspect of cybersecurity
within an organisation requires the
organisation to look at building a
human firewall. This is achieved
through the right security awareness
and training solutions that go beyond
basic training, to offer training that
is easily digestible, practical, and
importantly, memorable, to ensure
that staff don’t become the means by
which an attacker gains a foothold in
the organisation.
• Security solutions investment: A
solid data protection strategy in the
digital world is made up of a strong
suite of security solutions aimed at
protecting businesses data across the
full business and its employee base.
When considering how much data or
information mobile devices and various
digital based accounts hold, it becomes
evident that password protection is a
critical consideration business must
look into and educate staff around.
Cybercriminals will look for any loophole
they can find to infiltrate a business and
cause serious damage – don’t make it
easy for them with a lack of attention to
password security.
Issue 22
|
www.intelligentciso.com