CALL US: 216-397-4080  | CLIENT HELP DESK: 216-539-3686

Good News, Bad News

Good News, Bad News

 

Riverbank Ruminations; Observations from The Banks of The Technology River

Tom Evans ~  Ashton Engineer Emeritus

 

We all probably have had one of those conversations that starts with the question “Do you want the good news or the bad news first?”. There is the old joke:

Do you want the good news or the bad news first?

Good news

You are going to be playing golf in heaven.

That sounds great. What is the bad news?

Your tee time is 9 AM tomorrow.

From the security world, there is good news and bad news. The good news is that the number of data breaches in Q1 of 2020 is down 58% compared to Q1 of 2019. The bad news from the report was that the number of records exposed was at a record high of 8.4 BILLION records for a 273% increase. This is just for the first quarter of the year. Even if you take out the 5 billion-plus records from one breach, the record count is still up 48%.

The exposure was due to a mix of malicious actors and accidental exposure from misconfigured servers. This highlights the challenges involved in your data being in someone else’s care. They make a mistake configuring a server and your data is sitting exposed for anyone who happens to wander along. If you are paying someone to manage your data, are you doing any independent checks to see if they are securing properly? If not, why not? If you don’t know how to check find someone who does. Unless you don’t care who has your data. Most businesses do care. The good news is that there are plenty of people who can help with this task, the bad news is you need to do your due diligence to assure you get a good match for your business.

Work From Home Numbers Increase

With the work from home situation looking like it will be around for the foreseeable future, many companies are wrestling with security under the new configuration of a mostly remote workforce. Some companies have expended extra effort to educate employees and beef up security. Well done. This report from Trend Micro has some heartening (good news) statistics:

  • 13,200 remote workers across 27 countries .. the Head in the Clouds study.
  • 72% feel more conscious of their organization’s cybersecurity policies since lockdown began,
  • 85% claim they take IT instructions seriously
  • 81% agree that cybersecurity is partly their responsibility
  • 64% even admit that using non-work apps on a corporate device is a risk.

Unfortunately, there are so not so heartening (bad news) statistics:

  • 56% admit using a non-work app on a corporate device (see the last point above)
  • 66% have uploaded corporate data to a non-work app
  • 39% of respondents “often” or “always” access corporate data from a personal device
  • 29% feel they can get away with using a non-work app, as IT-backed solutions are “”

As you can see there is a fair amount of disparity between what employees ‘believe’ or ‘know’ and what they actually do. The report suggests that there are four types of employees; fearful, conscientious, ignorant, and daredevil. All need different approaches to being trained when it comes to the proper view of security. It is an interesting perspective and one that seems fairly reasonable. Once again, it emphasizes that training can be a challenge but it is needed.

Companies Need to Admit That a Problem Exists

We are well along the stream of time for COVID related changes. On the other hand, in comparison with how long businesses operated previously (on-site with few remote workers) it hasn’t been that long. This is a relatively new situation and companies are still adjusting. There is a commonly held view that the first step in solving a problem is to admit there is a problem. If you don’t recognize the problem, you won’t spend any effort to fix it.

Securing a remote workforce is difficult enough but if you don’t know how secure your workforce is, you don’t know where to spend your scarce resources. It is an unusual small business that has the resources to do an accurate assessment and remediation when it comes to security. For that, you need some experienced help. The good news is companies like Ashton are available. If you don’t partner with someone knowledgeable, however, there will probably be more bad news for you in the future. If you’d like to help secure your remote workforce, give Ashton Technology Solutions a call at 216 397-4080.

 

 

Related Posts