Every insurance brand is online now, most using Cloud services and API dashboard systems across the different parts of the insurance chain. Mostly, it works well and client data is kept secture, but sometimes things go wrong. IT experts from HostingSystems.co.uk reckon that 88% of cyber breaches were caused by preventable employee mistakes. Even after 25 years of the internet, people are still opening dubious emails, attachments and sharing weak passwords etc.
With the cost of cybercrime to the UK economy estimated to be around £27 billion, organisations should ensure teams are trained to update systems and keep cybersecurity front of mind.
Image Credit: Unsplash
Since the pandemic, Cloud services and applications have aided the transition to remote working and drastically improved how businesses operate. However, the experts from HostingSystems.co.uk say organisations who have made the transition without proper cybersecurity management in place could be leaving the backdoor open for criminals to exploit. Weak passwords are one example of poor security which can leave corporate cloud services defenceless against automated software used by hackers to test weak passwords against accounts.
The storage and sharing of data must follow GDPR legislation, plus FCA rules, which means data owners must undertake risk assessments and vetting to ensure that the location in which their data is stored will be secure and that there is no chance of a breach. Are your remote staff making sure that visitors or family members are not viewing customer details, or taking smartphone photos of assets, addresses and so on? For insurance brands it’s worth making sure that partner companies like breakdown and Legal suppliers are also following strict security protocols via their WFH HR guidance and employee handbooks too.
Juliet Moran, founder of HostingSystems.co.uk says that although cloud providers manage business-sensitive data in their system with complete security measures, business leaders are ultimately the owners of the data and must take care of some measures to protect it from external threats.
“With the incorrect security measures in place, such as insufficient credential management and poor network security, businesses are putting themselves at risk. The cloud is now a fundamental part of modern businesses because of how it has helped to transform processes, cut costs, streamline data and create easily accessible work environments. Data stored in the cloud is encrypted and most providers have built-in threat detection software, so as long as companies introduce proper security measures, solutions and procedures to ensure risks are minimised, there is no reason to still be relying on physical data and servers.”
- Make sure passwords are secure
IT departments with poor password security are putting the business at risk of cyber security attacks. Weak passwords that have under 14 characters, with no capitalization or special characters become vulnerable to cyber attackers who can use automated software to test weak passwords. For this reason, it is important to stay clear of basic and common passwords, as well as avoid password reuse across multiple accounts. This will prevent hackers from being able to use the same password to get into other corporate cloud services or programs.
2. Make sure to monitor networks
Employees dealing with the cloud should have an understanding of the system and how to detect if there is suspicious activity. It may sound simple, but systems that are not managed properly have weak spots that will be more vulnerable to attackers trying to access the system. Business leaders should share best practices so that people can spot an adversary and report it before damage is done. It is also important to be able to check that the network security is strong enough to be resilient against attacks, regularly review and update access controls and amend security settings because it is easy for users to misconfigure assets leaving vulnerable spots.
3. Don’t rely solely on the cloud providers
After making sure that a provider is reliable, businesses must work on creating a system to ensure that they keep their cloud system secure. Businesses have a responsibility to take the necessary precautions and steps to address any infrastructure issues to protect the security of the cloud. Although the misconception around data responsibility is somewhat understandable, business leaders should be doing their research into GPDR legislation before making the switch.
4. Add an extra layer of security
Organisations should implement strategies to protect themselves. Whether that be a data-recovery strategy that enables them to manage storage and requirements simply and easily, by re-evaluating how many employees have access to the cloud, or by adding multi-factor authentication. Methods should be used around the wider organisation that are going to stop vulnerabilities. It is also essential to educate employees as to why these measures are so important and how to use them effectively.
5. Keep systems up to date
It is important to always keep cloud software up to date because outdated software is much more vulnerable to attacks and malware infections. Cybercriminals can scan for outdated software and gain unauthorized access to launch attacks and steal or compromise sensitive data. It is vital to maintain and patch systems, and organisations should make sure they are always on top of updates that are important to their security.