News & Views

Remote working and insider risk

​

As we come to the end of 2020, we ask Adam Strange, a Data Classification Specialist at HelpSystems (www.helpsystems.com) what his 2021 predictions are regarding remote working and data security for employees to mitigate the insider risk.

“The ongoing growth in remote working will create data security threats,” says Strange.  “The far-reaching impact of COVID-19 includes the intensified threat of malicious cyber-attacks as well as an escalating number of damaging data breaches across almost every sector of business.  The rapid shift to remote working during the pandemic left many employers exposed to hackers and highlighted multiple examples of serious network and data vulnerabilities.”

“For example, in a recent article, Infosecurity Magazine quotes research finding that attacks on the biotech and pharmaceutical industry alone rose by 50% in 2020 compared to 2019.  Whilst in the defence sector, The Pentagon is seeing a huge rise in cyber attacks through the pandemic, where unprecedented numbers of employees are forced to communicate through their own devices.”

“As more companies move to facilitate a semi-permanent remote workforce, data security ecosystems will evolve to become more complex and advanced data management and classification solutions will be a critical technology investment.  ‘Insider threat’ will be categorized as the most prominent tier 1 data security risk in 2021, necessitating stricter corporate guidelines and protocols in data classification, as well as comprehensive employee education programmes around data security,” adds Strange.

“At HelpSystems’ we recently interviewed 250 CISOs and CIOs in financial institutions about the cybersecurity challenges they face and found that insider threat – whether intentional or accidental – and more than a third (35%) cited that insider threat has the potential to cause the most damage in the next 12 months.  Furthermore, the latest Information Commissioner’s Office (ICO) report confirmed that misdirected email remains one of the UK’s most prominent causes of security incidents, demonstrating the need for all organizations to control the dissemination of their classified data.”

As insider breach risk continues to growth, a security culture needs to be embedded into organizations.

“In 2021, data governance will take centre stage in data security and privacy strategies.  Companies will create Centres of Excellence (COE) to embed a solid data security culture across teams and corporate divisions and to formalize in-house data management processes, rolling out divisional best practice and placing data classification at the foundation of their data security strategy,” continues Strange.

“Employees play a vital role in ensuring the organization maintains a strong data privacy posture.  For this to be effective, organizations need to ensure that they provide regular security awareness training to protect sensitive information.  In terms of how they go about doing this, they must invest in user training and education programmes.  The security culture of the firm must be inclusive towards all employees, making sure they are continually trained so that their approach to security becomes part of their everyday working practice, irrespective of their location, and security becomes embedded into all their actions and the ethos of the business.”

“Data classification solutions will allow businesses to protect data by putting appropriate security labels in place.  HelpSystems data classification uses both visual and metadata labels to classify both emails and documents according to their sensitivity.  Once labelled, data is controlled to ensure that emails, documents and files are only sent to those that should be receiving them, protecting sensitive information from accidental loss, through misdirected emails and the inadvertent sharing of restricted documents and files,” comments Strange.