We’re living in a world of convenience. We can access the Internet anywhere and everywhere – through various devices – giving us access to endless information. It allows us to connect with our family and friends via social media and messaging services. It lets us use apps to order food and cars, or even find and meet potential dates.
When it comes to business, the possibilities are just as numerous – and the benefits are enticing. Save time and money and increase productivity, all at the click of a button. Sounds too good to be true.
Unfortunately, in some scenarios, it is.
Keep reading to find out more about convenience vs security in today’s digital world.
Two sides of the same coin
When it comes to IT, convenience and security are two sides of the same coin.
Take online banking, for example. With a simple tap of your finger you can check your account balance, pay your bills and transfer cash to your suppliers or employees. While these banking apps encrypt their traffic with SSL, will that alone stand up against a determined cyber criminal? Not likely.
That’s why many small businesses are asking the question: can you have both convenience and security online? Where do you draw the line?
Two-step verification and multiple layers of authentication are generally a good start. While they do mean more effort for you and your employees to access different platforms and systems, they also ensure a higher level of security – making them a valuable trade-off for both individuals and businesses.
Factoring in the human element
Of course, whatever way you decide to secure your business, you need to factor in the human element.
Your employees are one of the most valuable assets of your business. They’re also your biggest liability when it comes to IT security.
Why? Because the best way to infiltrate a network is to get someone else to do it for you.
We don’t necessarily mean your employees are looking to sell your data. Generally, they’re completely unaware that they’re involved and are purely the unfortunate victims of a cyber attack.
Cyber attacks commonly initiated by employees
- Phishing – an email that looks like it’s coming from a trusted source (such as a utility bill) that has you enter your details into a fake website.
- Spearphishing – similar to phishing, however the emails are personalised and appear to originate from a colleague or boss.
- 419 scam – the victim is persuaded to send an advance fee on the promise of receiving a larger sum of money.
- Malware – malicious software, typically downloaded via email, which is used to infect, destroy or hijack computers.
- Ransomware – a type of malware that locks computer files until the victim pays a ransom to unlock them.
Security on a global stage
In the past few years, there have been some high-profile data breaches from a wide range of companies. One that springs to mind is Facebook’s Cambridge Analytica scandal, which prompted a national conversation in the US about possible federal privacy law. More recently, there have been concerns about another US company, Clearview AI, and its controversial facial recognition platform. The company has been collecting publicly available images from Google and social media, drawing scrutiny from lawmakers and advocacy groups.[1]
This kind of attention has spawned new privacy laws around the world, including the General Data Protection Regulation, which addressed Europe’s concerns regarding the accessibility and storage of personal data by various companies. Europe now has stronger governance and accountability requirements, as well as a strict 72-hour mandatory data breach reporting regime.
Latin American countries, such as Brazil, have followed in Europe’s footsteps, drafting comprehensive data protection regulations for the first time. The same can be said for North America, with Canada’s new data breach notification that came into effect in late 2018, and California’s new data protection legislation set to commence in 2020. Both feature enhanced consent and breach reporting requirements.
Similarly, in the Asia Pacific, new data protection regulations took effect between 2016 and 2018. These included China, Singapore, the Philippines, Japan and Australia. Our country’s changes are known as the Notifiable Data Breach Scheme, which was introduced on 22 February 2018.
All of this suggests a shift in the balance between convenience and security. As a collective, the world is now more concerned about how our data is being used and stored – and less interested in the benefits the accessibility of that data may bring.
But as employees, is that really how we operate?
Combatting the risk
From 1 April 2018 to 31 March 2019, there were 964 notifiable data breaches in Australia (and that’s only the notifiable ones; there were likely countless more!). Of that number, 60% were malicious or criminal attacks, with 153 attributed to phishing.[2]
Another 35% were attributed to human error, such as through unintended disclosure of personal information or the loss of a data storage device.[2]
So as a business, how do you stay compliant? How do you ensure you’re meeting privacy regulations, while also managing your people’s expectations?
While documented company policies and procedures surrounding privacy, security and potential breaches, as well as regular compliance assessments, can help, having the right IT security services in place is far better protection.
Head of IT Services at Spirit, Jason Munso, also adds, “Cyber attacks are an ever-evolving threat, and attackers are making light work of ‘DIY IT’ – essentially, companies that allow office managers or other unqualified staff members to manage infrastructure because they have set it up at home. Without a business-grade security solution, including a firewall, endpoint security and multi-factor authentication, even the most savvy employees may fall victim to phishing and other malware attacks.”
Find the right balance for your business technology with Spirit
At Spirit, we’re committed to making your IT security more convenient. Our Managed IT Services are designed to support your business IT operations, ensuring your people have easy access to the systems and tools they need, while also making sure you remain compliant with both Australian and international data regulations.
For a free IT assessment, get in touch with one of our specialists today. We’ll be happy to help your business find the right balance online.