Microsoft today named the UK as the best country in the world for online security. According to Microsoft’s Digital Civility Index, which measures the “extent of negative civil and personal safety interactions and their consequences”, British adults and children are the least likely out of 14 countries to encounter risk online.
That proclamation may be a surprise, given the horror stories in the media about cyber bullying at schools, ID theft from British citizens and cyber attacks on businesses — especially when two thirds of large UK businesses were hit by cyber breach in past year.
What’s more surprising, and arguably worrying, though, is that Microsoft has also found that UK concern about online risks was the lowest among the 14 countries surveyed, and hence much lower than the international average.
Those findings, particularly around the lack of concern, shed light into the attitudes to online risk in the workplace. The lower the perceived risk, the more chance employees are to adopt a blasé approach to IT security. And why wouldn’t they? What’s the risk?
This kind of attitude is one of the biggest cyber threats to businesses today. A security-lax employee is much more likely to fall for a phishing email, thereby inadvertently handing over corporate login details to a hacker, who then has a legitimate front-door key into your business networks. Once an attacker has their hands on a legitimate login, you’re unlikely to detect any wrongdoing until it’s too late, and they’ve either stolen sensitive information or encrypted your files to hold you to ransomware.
Technology is essential to protect yourself against these kinds of risks. You cannot afford to leave detection down to the human eye, for time is of the essence when a hacker gains entry to your systems, and even the most vigilant of IT administrators is at risk of missing the odd piece of suspicious activity.
IS Decisions products UserLock and FileAudit work in tandem to prevent attackers from gaining entry with compromised credentials, and alert you to signs of outside entry as soon as they happen, so you can take action quickly to mitigate the problem.
UserLock restricts access not just by passwords, but by other contextual information as well. For example, businesses can choose to restrict access to employee devices only, meaning that if an attacker attempts to gain access via a non-IT-approved device, they won’t get in.
FileAudit alerts you to suspicious activity on your network regarding files and folders. If someone makes changes to multiple files en masse, a sure sign that something bad is going on, you’ll receive an alert straight away so you can investigate.
There’s no better day than today — Safer Internet Day — to promote the message of more vigilance to online security for businesses. Compromised credentials can happen to anybody. Don’t let it be you.
