Cyber threats affect organizations of all sizes. When a cyber threat does reach its target and causes a cyber breach, the finger is usually pointed at the lack of cybersecurity solutions in place. That’s true to an extent. But human error is also a big factor.
In fact, according to a Verizon report, 82% of data breaches are caused by human error, and companies of all sizes are at risk because of it. A few examples of human error instances include the Uber, Rockstar and Dropbox data breaches in 2022.
These “bigger” companies might be more rewarding targets for bad actors, but that does not rule out the possibility of smaller organizations becoming victims of cyberattacks, especially as employees return to the office. That is why, according to Adastra, more than three-fourths of business managers expect their organizations to experience a data breach in the next three years.
“The results of this survey should serve as a reminder that companies of all sizes must invest in data security protection, resources and education, particularly as we return to in-office activities,” said Kuljit Chahal, practice lead, data security at Adastra North America. “During the pandemic, many employees were hired virtually and, in combination with long absences from offices, introductions to and re-familiarization with security protocols will be critical.”
Taking Chahal’s advice on investing in data security protection, 68% of managers surveyed say their companies have a cybersecurity division and a further 18% report they are in the process of creating one.
“The increase in data breach incidents across North America is troubling and must be prioritized as employees continue to return in-person to their corporate offices,” said Chahal.
Security enhancements are provided by Adastra to help organizations bolster security as employees return to the office. Among them are tips commonly known such as deleting redundant data, having a data backup plan, establishing two-factor authentication, implementing early detection systems and updating computer programs with the latest security features. Pretty standard practices that are preached often.
Practices that organizations may not be as familiar with include:
- Keeping employees informed with cybersecurity education. Employees who go through regular phishing tests may be less likely to engage with malicious actors over email or text messaging.
- Establishing processes for provisioning and de-provisioning user access with approvals, reports and regular attestations to limit what an attacker may be able to access in the event of compromised credentials.
- Hiring a third-party company to assess the organization’s security posture. This provides a clearer picture of strengths and weaknesses and a roadmap to address greatest vulnerabilities.
- Reinforcing clean desk policies and reviewing physical access controls, including access to secure areas. As employees return to the office, this practice is encouraged to ensure assets are not stolen or lost. Work-from-home employees who have company assets should be routinely educated on keeping those assets secure while at home as they would in the office.
More employees are returning to the office, but this does not mean companies should relax on security measures. Invest in security protection and ensure the company does not become a victim of a future cyberattack.
Edited by Greg Tavarez