The top three priorities companies should consider when planning a cybersecurity strategy

If the past year has taught us anything, it’s that no corners can be cut when it comes to cybersecurity strategies. There have been over 65,000 cyberattacks in the past 12 months, some of them hugely detrimental such as the major Colonial Pipeline attack which cost the company a staggering $5 million ransom and triggered a state of national emergency in the US following a supply chain crisis. It’s clear that companies need to make sure they have the right measures in place to protect their hardware, their staff and ultimately the entire organisation.

As we reflect during cybersecurity month, we’ve put together some of the top cybersecurity priorities to be aware of when building out your strategy.

1. The challenges and vulnerabilities of remote working

The mass shift to remote working means the personal and professional have become more intertwined than ever before – for example, employees are more likely to be using passwords across personal and business applications as there isn’t an obvious mental barrier, like going into and leaving an office is. This inevitably leaves employees – and whole companies – exposed. Another example is using the same devices to carry on professional and performance work, making them more vulnerable for cyber attacks.

 With working from home becoming so popular and most companies adopting a new hybrid work setup, its crucial business leaders adopt genuinely robust, but flexible, security measures that covers security from all angles, such as SASE (Secure Access Service Edge). SASE is predicted to become the go-to security approach in a decentralised hybrid working world that is managing ever-increasing quantities of sensitive data. In the new era of hybrid working, security needs to span on-premises and the cloud, protecting every corner of the decentralised network.

2. European security for European businesses

Cyberspace is fast becoming the new battleground for nation states to exert control over new and emerging technologies and as such cybersecurity has spilled over to the geopolitical realm. For businesses in Europe, it is wise to ensure that all third-party software and service providers are based in the region. They should also consider looking to house data with European-based providers, rather than risk the privacy of their data with hosts from other continents.

As well as guaranteeing an organisation’s data and infrastructure won’t be exposed to foreign entities, relying on private cloud infrastructure in Europe can also ensure security across the low-latency data transfer essential to increasingly distributed organisations.

This also means an organisation’s cybersecurity challenges will always be best addressed by experts who understand the organisation, its language, and its culture. The same native understanding of their customers’ regulatory environment, and the constraints it represents, enables those experts to respond to any issues the moment they arise. Most importantly, though, choosing a European provider will offer organisations peace of mind that their data is in safe hands.

3. Having the correct training in place for staff

Protecting hardware can be as simple as having the most up to date software in place to but there needs to be a change in mindset. Shockingly, despite the fact the UK has been working remotely for over a year, one in five home workers have received no training on cyber security. At the same time, cybercriminals have been actively exploiting people’s concerns around COVID-19. Indeed, there have been a wealth of phishing scams where attackers have posed as the World Health Organisation (WHO), pretending to give advice or circulating fake medical updates in order to convince victims to click on bogus links.

Education is key. Business leaders should engage with employees and project a safety-first mindset across the whole company – driven by c-level executives and filtering down to everyone. There are several ways to go about this, but whether it’s online training sessions with a CSO, weekly team meetings or external courses, education can be the difference that makes an employee stop for that split second before they click on a phishing link.