Individuals are using more and more devices and digital platforms to store personal and private information given more than 60 per cent of the world’s population is now online.
Yet, users are often not ‘digitally literate’ enough to fully understand the risks that come with these online environments.
While this is often addressed as an IT issue with pressure on companies to implement the latest and most secure technologies, the ‘human’ factor should not be forgotten as an element to build a strong defence against cyber threats. However, with users expanding in the online environment, the challenge remains on how digital literacy and cyber security can be promoted at this growing scale.
In a digital environment full of risks, everyone needs to be taken care of
One of the most inherent difficulties for businesses in the hybrid environment is maintaining visibility across devices and the employees that use them. The Australian workforce now sees 36 per cent of workers using personal devices to access corporate data and a greater 49 per cent connecting IoT devices to their home networks.
Such an array of unmanaged systems has created a void of proper cybersecurity practices and a basic understanding of it. This has left both businesses and individuals exposed to unnecessary risks by giving hackers the easy fodder to enter a database – statistics suggest that 46 per cent of all data breaches are a result of human error.
Even at the most basic level of password management, individuals show little literacy in proper password hygiene habits. The latest DBIR report showed that 82per cent of breaches is still involving human error. These poor password hygiene habits also extend beyond the value of protection as many are still unaware of what to do when an attack does occur. The latest IDC report by LastPass reveals that 45per cent of individuals did not change their passwords even after a breach had occurred.
Your security is as good as your weakest link. It doesn’t matter how robust everything else is, if one person leaves the door open, anyone can walk in. With this in mind, businesses need to make cybersecurity easy enough that both technical and non-technical people can implement it. Any given customer base consists of a range of digital capabilities and if digital assets are not user-friendly, these individuals will take shortcuts to gain access to a business’ services.
Businesses must offer solutions that ensure continuity for their employees and customers to save valuable time and effort, which, can also maintain points of sales. Nobody wants to spend hours a day learning about security, it instead needs to be ingrained into everything they do, so it becomes second nature.
How to get started on education
Even though a company may have the best cybersecurity standards and practices in place for their employees, the true challenge is ensuring that this is maintained and implemented across a wide scale.
First and foremost, businesses need to look at their employees as the first line of defence through a zero-trust approach towards digital entities. Not only is this a robust framework that is simple and cost-effective for businesses, but it can ensure greater security and integrity of personal and corporate assets. Basic security practices can also be amended through this approach of continuously validating each digital interaction, specifically mitigating the risk of compromised credentials.
While a strong password is a basic premise to protecting identity in the digital realm, passwordless solutions are the future that will have all users, digitally proficient or not, covered. Using technology such as LastPass authenticator, SSO, or federated identity enables users to login into devices and applications without the need to type in a password.
This streamlines the user experience for employees and customers, while still maintaining a high level of security and complete control for IT and security teams. This improves overall cybersecurity within the business and streamlines the user experience to maintain the point of sales – a win-win.
The proliferation and expansion of online environments are not showing signs of slowing down. Implementing highly sophisticated technologies is not enough to address the human factor in the face of cyber threats. Education of good password hygiene practices and making sure that education filters through to all users are good starting points to promote cybersecurity from individual to organisational level. These strategies are not simply solutions to existing security risks, but should also be integrated into an ongoing promotion of proficiency that echoes with an ever-evolving digital environment.