2017 was the year when cyber attacks finally became front-page fodder for Indian news media. It is little surprise that this coincided with the country becoming the second largest smartphone market. The lure of India for cybercriminals has never been as high and with the government embarking on their massive digital transformation project, it will become even more of a low hanging fruit for malicious actors in the days to come. Businesses - as well as individuals - will need to double down to bring overall levels of preparedness to acceptable levels. Here are a few basic things that must be kept in mind to create a more secure workspace.
A secure workspace starts with an aware individual. Human error is generally regarded as the number one cause of breaches. Take passwords for example. In the battle between the inconvenience of remembering a complicated but safer password and the ease of recalling, far too many opt for the latter. This has been a source of headache for security professionals in many companies and has resulted in a rather shocking statistic. According to the 2017 Verizon Data Breach Investigation Report, 63% "of confirmed data breaches involve using weak, default or stolen passwords." Many employees also install programs into their work computers that can compromise security. One of the most incisive decisions that can be made by any business hoping to reduce the odds of being breached would be to ensure that employees are aware of exactly how to handle technology securely.
The Federal Communications Commission of the United States says, "having the latest security software, web browser, and operating system are the best defenses against viruses, malware, and other online threats." In a country like India with the menace of pirated software is still high, particularly among small and medium-sized companies, this assumes even more importance. Companies must make sure that they use original software and install the latest version as and when they are updated to counter threats. Not doing this was a major reason for the spread of ransomware like Wannacry and Petya from earlier this year. Along with these, it is also crucial to run firewalls which keep an eye on traffic from the outside the company's own network and other programs which help maintain cybersecurity hygiene. An oft-repeated refrain from many companies is the lack of visibility on security and money that goes into beefing up cybersecurity, but investing this money is no longer optional.
One of the basic tenets of cybersecurity is to have well-defined walls around different kinds of data which are put in different buckets, with access permitted only to those who must have access to that data. Not every employee needs to have access to every part of a company's data and limiting access can go a long way in reducing risks. There is also a need to make it difficult for nefarious elements to access data even if they have breached the outer walls. This mandates thinking beyond passwords. Implementation of multi-factor authentication in businesses is an idea whose time has come.
Among the simplest of things you could do to protect yourself against malware like ransomware - which 'kidnaps' your data, is to save a copy of everything. Backing up everything saves you from the hassles being at the mercy of nefarious elements. This could prove invaluable in the days to come as many security experts expect ransomware attacks to spike in 2018.
Time and effort that goes into defining and documenting cybersecurity policies is where all best practices start. These policies must detail the cybersecurity practices for the business and also must encompass an incident response plan which detail how to react in case things do go awry. Knowing how to react saves valuable time. Business continuity planning is another important facet. When natural disasters happen, there are many business continuity plans that are put in place. This needs to be standard operating procedure for breaches as well.