As businesses and customers become more connected and digital-first, the need to protect cyber assets and personal information has become paramount. Analysts estimate that by 2020, 60% of enterprises will be victims of a major cyber security breach. However, this is based on the current industry climate and most likely will increase in the comings years as attacks become more sophisticated and businesses continue to drive digital transformation (DX) projects.
An organisation’s communication channels are often the first point of call for an attack, delivered via spam, phishing attempts or taking advantage of out-of-date software and now as businesses move to the cloud, this provides another avenue for attack. Therefore, it is vital to ensure that your communication tools, systems and processes are secure and the key to being secure is to ensure the use of tested technology and implementing effective user adoption programs and staff awareness campaigns.
Here are four key pointers to bear in mind when looking to make UC security fit for purpose:
Education/awareness of the end users
Most cyber issues are a result of human error and habit with EY’s Global Information Security Survey 2017 finding that 74% of cyber-attack sources are via careless or uneducated employees. Think about how many times you may have used the same password at home and at work, made it easy to remember, or clicked a link in an email which turned out to be a scam. This is all down to human judgement and complacency and hackers take advantage of this using social engineering.
The end user must be educated and made aware of policies and best practice in cyber security. This will improve confidence and awareness in the workplace and reduce the risk of a security breach.
Establish a strong security community
Either internal or external, there needs to be a community culture for corporate security experts in order to share ideas, discuss new threats and learn from peers. Threats change and adapt almost every day, so ensuring that security teams are learning and communicating with other experts can be key to staying a step ahead of potential new threats.
Maintaining a strong CMDB
Keeping a strong, well-maintained, and effective Configuration Database (CMDB) is a concern for lots of companies. Many companies fail to maintain their CMDB and this makes implementing security controls and procedures more difficult and time consuming, encouraging mistakes and opening the organisation to attack. Apply clear responsibilities and ownership of your CMDB and keep equipment up-to-date. The better managed it is, the easier threats are to prevent. Doing this is particularly important when upgrading infrastructure and for those in transition of modernising the workplace.
Continual review and optimisation of the Information Security Management System (ISMS) overall
Continued maintenance and review is the key to creating a well-oiled machine that won’t fail when it needs to perform. Continually review and optimise your ISMS which includes security policies and procedures, security change management control and review of the risk register. Adjust these on a regular bases relative to current threats and vulnerabilities.
Guest Blog by Mariana Peycheva, Chief Security Officer at Unify
Unify is the Atos brand for Communications and Collaboration. We are one of the world’s leading communications software and services brands, providing integrated communications and collaboration solutions worldwide. Our customers range in size from 5 employees to 500,000+ employees.
