There is no doubt that 2020 has been a strange year, but neither a global pandemic nor catastrophic economic disruption was enough to dissuade criminals from launching cyber-attacks against everything from government bodies to healthcare providers to video gaming companies to cannabis point-of-sale systems.
As much of the world’s population rapidly shifted to work-from-home models and businesses were forced to transition to remote operations, weaknesses in both security protocols and user training were exposed. Studies suggest that remote workers have caused approximately 20% of the data breaches, data theft and sale incidents, and ransomware outbreaks within organisations this year.
In addition to lax password practices, studies estimate the average household in developed countries owns more than eight Internet-connected devices, and the average household in developing countries owns three, typically using a shared network. This means companies not only have to worry about the risks caused by company-issued devices and VPNs, but also about their remote workers’ personal devices (e.g., computers, smartphones, gaming consoles, smart speakers, security cameras, wearable devices and the like).
It is no secret that where there are connected devices, there is an increased risk, but what about the threats that humans pose to data security?
The average cost of a data breach in these countries runs between $2.14 and $2.15 million, with expenses including forensic investigations, audits, crisis management, notifications to data subjects and data protection regulators, business disruption, system downtime, revenue loss, legal expenses, regulatory fines, reputational damage and more.
“Front your ERP and other critical systems with a mature business process management (BPM) product like FlowCentric Processware”, recommends Denis Bensch, CIO of FlowCentric Technologies.
This approach allows a business to limit the amount of data and the number of systems to which individuals have direct access. When an employee needs to complete a specific task, only the data they require is pulled through from the other systems and displayed via the BPM software’s screens.
There are many advantages to this approach, Bensch explains, including staggering the amount of information that is exposed to a single person, and ensuring that corporate and legislative governance structures are adhered to.
“Every business should have watertight processes in place for the authorisation of any transaction, including the release of information. There also has to be a separation of duties so that no single employee has complete control of an asset (money, data, inventory, etc.); cannot singularly authorise the release of that asset; or keep a local copy of the asset or records pertaining to the asset,” Bensch explains.
Limiting access to data reduces complexity for honest workers, while reducing the risk of a bad actor accessing and stealing hundreds or thousands of classified records at a time.