Current Filter: Network>>>>>Opinion>

   

With an improving economy employment rates are edging towards their highest level for years. As a result the level of job mobility amongst the UK workforce is also on the up. Recent research from Hays Recruitment found that over half of those surveyed (59 per cent) are looking to change jobs in 2016.

While this seems like good news its effects need to be carefully considered and understood. Specifically, UK businesses must prepare for the increased security risks it can bring and review their ability to manage increased staff changes and the impact on security of their information systems.

The first step that companies must take to control access to sensitive data is to close accounts and the associated access rights as soon as an employee leaves: it should be a clear and audited part of the leaving process. It sounds obvious but open dormant accounts provide an easy access point for cybercriminals. Recent research among IT decision makers found that 39 per cent of large businesses took up to a month to close accounts with small and medium business taking longer. By closing leaver accounts immediately, companies reduce the risk of attack.

Attacks from insiders are on the rise. It's thought that 44 per cent of security breaches in large businesses result from insiders. Organisations must wake up to the reality of an employee attack. Irrespective of the source of an attack it's imperative that an access management solution is in place to prevent sensitive data falling into the wrong hands.

To help organisations in this endeavour there are five steps that will help to establish best practice and reduce the known security risks associated with staff mobility.

Shut down inactive accounts: As employees and contractors move around, organisations must make sure that they quickly close inactive accounts. The access rights associated to these accounts need to be removed promptly and this should be established as part of the HR process.

Focus on protecting critical data: When it comes to security there is no such thing as zero risk. Businesses must be proactive to protect their critical data. Identifying the most sensitive data is allows it to be controlled ensuring that it is only available only on the basis of need relating to an individual's role.

Track and audit data: Setting up control is the first step. Access to data must be closely tracked and audited. Job mobility means that roles change and user access rights must be reviewed to ensure only users who need access to critical data have permission. Carefully auditing sensitive information means that companies can be more confident that their information is only being accessed by those with permission supported by a clear process if anomalies occur.

Strong identity and access management: Identity and access management is a security foundation, a secure system that enables companies to manage users and know who is accessing what data. With this in place organisations are denying cybercriminals access to corporate systems as opposed to picking up the pieces after.

Employee education: It's not just about technology. Companies can reduce risk by educating their employees on the importance of cyber security and explain the impact that a breach can have. Inadequate employee education was cited as a key reason for security breaches by 15 per cent of respondents in our 2015 Breach Confidence Index. With changing threats and staff mobility this needs to be a continual process to be effective.

Once admitted to your network an attacker will move laterally, taking their time to assess the value of assets. Controlling and auditing access is the best the place to start the defence. NC