Q1 of 2024 saw a notable increase in the average number of cyberattacks per organization per week with these attacks reaching 1,308 – a 28% increase from the last quarter of 2023. That’s according to cyber security solutions provider Check Point, which noted that this “substantial increase from Q4 2023 accentuates a worrying trend of rapid escalation in cyber threats”.
As cyberattacks continue to grow in frequency and severity and remote and hybrid working expand the attack surface, avoiding cyber and compliance risks becomes increasingly challenging.
Today, this risk avoidance is vital considering a threat landscape that includes malware, ransomware, phishing attacks, and social engineering. The benefits of cyber and compliance risk avoidance are numerous and include protection of sensitive data, prevention of financial loss, maintenance of business continuity, increased customer trust and strengthened compliance.
These benefits underscore the importance of enterprises and employees taking actionable steps to avoid cyber and compliance risk in the workplace.
Cyber and Compliance Risk Avoidance: What Enterprises Can Do
Provide employees with secure by design collaboration tools
When employees are provided with secure collaboration tools, they will not turn to unsecure messaging and collaboration apps that expand the cyberattack surface in organizations and increase cyber and compliance risks.
Using secure by design mobile messaging technology avoids cyber and compliance risk in the workplace with end-to-end encryption (E2EE) that protects data at rest and in transit, ensuring that only the sender and receiver can read messages. The E2EE built into these platforms coupled with robust administrative controls that embed data security and compliance into business communication across every channel reduce the attack surface, providing no point of entry for malicious hackers intent on accessing and exploiting sensitive enterprise data.
Implement zero trust
Zero trust, a framework that mandates identity verification and authentication for all users and devices, can help organizations avoid cyber risks associated with the human factor while enhancing data protection, usability, and governance in the digital workplace. As part of zero trust, enterprises should implement strong identity and access management including multifactor authentication and biometric technologies such as facial recognition. By implementing a zero trust approach, organizations can minimize the risk of unauthorized access, strengthen data protection, and enhance overall security and compliance.
Set and enforce clear policies
Enterprises should also set and enforce clear cybersecurity policies. These policies should prohibit the use of shadow IT (the use of unsanctioned applications that are not monitored and managed by the enterprise IT department) and define acceptable use for BYOD (bring your own device).
As the use of Generative AI increases, enterprises should develop usage policies that address what tools are permissible in the organization and how employees are allowed to use them. Clear guidelines should be established on what types of data can be used with generative AI applications, what type of tasks are appropriate and how outputs should be evaluated and vetted for accuracy.
Reduce the complexity of the IT environment
Reigning in app sprawl is critical to avoiding cyber and compliance risk in the workplace. According to a 2023 report by BetterCloud, organizations are now using 130 SaaS apps on average. Many enterprises have different apps that serve similar or overlapping purposes. For example, an Enterprise Strategy Group (ESG) study revealed that 44% of organizations have deployed six to 10 communications and collaboration platforms, while another 37% use between 11 and 20 platforms. This is known as app sprawl. The more complex the IT environment, the more opportunities threat actors have to access data and carry out disruptive cyberattacks. Enterprises can minimize these opportunities by reducing the complexity of their IT environments.
Provide regular cybersecurity training
Providing regular cybersecurity training that educates employees on common threats such as phishing, malware and social engineering and teaches cybersecurity best practices can help employees take proactive steps to protect sensitive company data and information. Investing in this training is also the cheapest, easiest way to boost cybersecurity, according to the National Cybersecurity Alliance.
Cyber and Compliance Risk Avoidance: What Employees Can Do
Avoid the use of shadow IT
The practice of using shadow IT continues to grow. Gartner estimates that by 2027, 75% of employees will acquire, modify or create technology outside IT’s visibility – up from 41% in 2022.
To avoid cyber and compliance risk in the workplace, employees should steer clear of using apps and tools outside the purview of IT teams. Employees should understand that unapproved app usage reduces IT visibility and creates security blind spots that represent a serious threat vector for organizations. These blind spots increase the risk of data breaches, privacy violations, and non-compliance with regulations.
The fines incurred by firms in the financial sector for the use of unapproved messaging apps is a cautionary tale on the use of shadow IT. In 2022, the U.S. Securities and Exchange Commission (SEC) and the Commodity Futures Trading Commission (CFTC) fined 16 financial firms a collective $1.8 billion for the misuse of messaging apps. The fines for using unsecure communications channels now exceed $2.5 billion.
Ignore suspicious emails and texts
Employees can also reduce workplace cyber and compliance risks by ignoring suspicious emails and texts. Abiding by the premise that if something looks suspicious it probably is and making it a practice to avoid opening or downloading attachments from unknown senders are critical to avoiding these risks.
Create strong passwords
Strong passwords are a simple but effective way for employees to protect digital assets in the workplace. Creating passwords that combine special characters, upper and lowercase letters, and numbers and regularly updating passwords are essential practices for avoiding data breaches and identity theft.
Use secure connections
In the work from anywhere environment, using secure connections is key to mitigating cyber risk in the enterprise. Employees who use public Wi-Fi networks such as those in cafes and airports can open the door to hackers intent on using these unsecure connections to steal personal information, install malware, or intercept data. To avoid these risks, employees should use virtual private networks (VPNs) and secure Wi-Fi networks.
Wrapping up
Everyone in the enterprise has a role to play in protecting their organization against evolving cyber threats and compliance risks. When enterprises and employees take proactive steps to avoid cyber and compliance risks, they not only protect digital assets but maintain customer trust, safeguard organizational reputation, and protect financial assets.