Glo MD, Chris Connor, chatted with CyberNews to share his views on Cyber Security and what businesses can be doing to better protect themselves and their systems, and educate their employees.
Check out this insight into the blog below;
Chris, what IT and cybersecurity details are often overlooked by new businesses?
"The lack of cybersecurity and awareness in staff is what is hugely overlooked in businesses. It is scary how easily individuals can be deceived through the art of phishing, even well-hardened figures and MDs of companies are being caught out and creating a huge vulnerability in their systems. Above all, I believe better, regular training on cybersecurity is required for every role in a business."
How did the recent global events affect your field of work?
"Recent global events, from the pandemic to Brexit, the Ukraine war to the rising costs of living and energy, haven’t in any way, shape, or form impacted us as a business yet. Following topical events, one customer reached out to check that their Disaster Recovery was in place and what we would do ‘if’ there was no power in the whole of the UK. This opened up a valuable conversation as it reiterated to them that a DR is not 100% fail-proof and has limitations while also reassuring them in other ways of how their DR plan is as sturdy as it can be."
Although there are more security solutions and providers available than ever before, certain companies and individuals still hesitate to upgrade their security. Why do you think that is the case?
"There are a lot of very expensive solutions that don’t actually solve some of the simplest of problems that people fall victim to. You can have an antivirus, a firewall, and tools that discover ransomware threats, but all it takes is for someone to receive a phishing email and they transfer money from the business to a random source, and you are never going to get it back. In the industry, we often refer to these solution providers as snake oil sellers, with solutions being sold that achieve something but aren’t really going to make a difference where it counts, especially when there are so many ways for hackers to slip through the cracks. However, it is still worth investing in your security to make yourself a lesser target. I’m not sure whether businesses are hesitating when it comes to security solutions or whether we are hesitating to give them solutions. At the moment, the industry is providing small solutions to a very large problem. You can make small progressive steps as long as you are aware that you cannot be 100% protected and that something new will pop up next week."
When it comes to customized cybersecurity systems, is this something businesses of all sizes should invest in, or is it only relevant for large enterprises?
"Every business should absolutely pay attention to their cybersecurity and be aware of their exposure and what it is going to cost them if their system is targeted. Everybody should do something to protect their business, but it depends on their individual exposure level, threat level, and cash flow amongst other factors to determine how much they invest in their cybersecurity."
What are some of the worst cybersecurity practices that can make companies extremely vulnerable to cyberattacks?
"This again boils down to users. It is the lack of education for the people on the ground, especially the people in the Accounts department that deal with payments. As well as this, businesses may not have robust processes to monitor accounts and payments to prevent successful phishing. Another vulnerability is people getting into ransom networks through shoddy practices, including not changing passwords regularly, having too many users with administrative access, and not patching their servers properly, to name a few."
With work from home becoming the new normal, what cybersecurity solutions do you see becoming an inseparable part of remote work?
"A critical element to successful remote working is having a decent connection that is robust with good wireless, cable, and bandwidth control that is not at the mercy of the kids in the house killing your internet connections. This is almost above cybersecurity when it comes to working from home, as you want your team to be working efficiently and be able to connect in without regular issues. Other than your typical cybersecurity best practices, it would be to stop trusting VPNs everywhere. If you are remote working using a VPN and a hacker attacks your PC, they will be able to easily connect to the rest of the business network, and it is their lucky day. Often the issue is that businesses view many cybersecurity best practices as an inconvenience, such as VPNs and 2FA, where there is an extra step they have to follow when they sign in. Unfortunately, the benefit of an extra layer of protection for their system doesn’t outweigh the inconvenience of them going through a less than 30-second process each day."
What does the future hold for Glo?
"Providing ethical infosec. We want to cut through the noise of others in the industry that are charging an absolute fortune and delivering bog-standard security. For us, it's not about making loads of money but delivering security properly to customers that need it and not ripping people off. People are sitting up and listening to cybersecurity as it becomes an increasingly prevalent presence in the tech industry, and rightly so, but we want to be the good guys delivering a service that actually makes a difference and directly helps target vulnerabilities where they happen most often. We are passionate about all things tech, so for us, this is just an extension of who we are and what fascinates us."
Thanks Chris, we can't wait to experience Glo-standard Cyber Security!