
Cybersecurity: keeping ahead of the risks

27/08/2020

A recent survey suggested that nearly two fifths of UK employers have fired an employee for cybersecurity breaches since the pandemic began.  

It's undoubtedly the case that widespread homeworking makes it easier for such breaches to occur, whether deliberately or accidentally.  Although a sufficiently clear policy will usually enable the employer to take disciplinary action for serious breaches, this is definitely an area where prevention is better than cure.   So how can employers reduce the risk of breaches happening?

  • Clear classification of information: Businesses which handle a lot of confidential information may find it useful to classify such information according to the level of confidentiality (e.g. general, sensitive, confidential and highly confidential) and have additional security measures and access restrictions for the most confidential information. This should be combined with a clear written policy given to all staff (ideally with a signed acknowledgement) explaining the classification and security measures, and a clear and consistent method of labelling the most confidential information. Adopting this approach is also consistent with the EU Trade Secrets Directive (which has been implemented by the UK).
  • Educate your workforce:  With cyberattacks becoming increasingly sophisticated, staff should receive regular update training on how to spot phishing and other attacks. The training should also cover how potential attacks should be reported and the potential consequences for the business and individual staff of negligent or deliberate breaches. 
  • Rollout of new software (particularly cloud or browser-based applications for remote working) should be accompanied by training on potential risks and how these can be mitigated.
  • If the business is implementing additional IT monitoring to facilitate remote working, staff should be informed about the additional monitoring (this in itself may discourage breaches). 
  • If staff are using their own equipment for work purposes while at home, the business should take steps to ensure that those devices are secure. 
  • Finally, it's essential that remote workers are not left entirely to their own devices.  Disengaged, disgruntled staff are more likely to seek to misuse company data (or be sloppy about data security).  All staff who are working remotely should have regular catch-ups with their managers so that signs of disengagement can be identified swiftly and appropriate action taken.  

 
