As security experts, we are often asked what we expect the year ahead to hold, in terms of IT trends and subsequently our advice. Part one of our two-part blog series on our expectations for 2019 is as follows:
1/ Top level interest and awareness in cyber security
The enforcement of the GDPR in May 2018 sparked an increase in interest for security and IT expertise and advice. With the regulation still in its early days, and the potential significant fines and reputational damage, cyber security is likely to remain an important boardroom topic during 2019.
Our advice: Continue to dedicate time to cyber security, work with your IT provider to formulate an ongoing risk assessment/ roadmap to identify where your vulnerability may lie.
2/ The continued growth of the Cloud
On-premise systems continue to reach the end of their life and Windows 2008/R2/SBS2011 are no longer supported from February 2020. Cloud-based solutions are therefore expected to continue to grow in dominance due to the greater degree of flexibility they provide. However, it is important to think carefully and consider any potential risks involved in handing data over to a third party.
Our advice: Conduct a risk analysis of the system and the type of data that you will be sharing. Look out for accreditations such as Cyber Essentials Plus and ISO 27001 for reassurance. Where individuals access the company network from their mobile, engage with your IT partner to understand whether you have a MDM (Mobile Device Management) in place. This helps to ensure cloud applications installed on users’ devices are safe for your company network.
3/ Artificial Intelligence continues to thrive
Artificial Intelligence (AI) is likely to continue to expand into more industries during 2019. Over the past few years, AI has resulted in driving more intelligent cyber security solutions such as sophisticated real-time monitoring and alerting. Simultaneously, cybercriminals are exploiting this technology to their advantage too. For example, machine learning used to personalise phishing emails, making them more efficient and convincing.
Our advice: Engage with your IT security partner to explore your cyber security options, especially in terms of breach alerting. Train your staff to be vigilant and aware when responding to emails and clicking on links within them.
4/ Major security breaches continue
The most recent breach in January 2019 listed on HaveIBeenPwned.com contained almost 800 million user credentials from a range of accounts. As cyber criminals methods become more sophisticated, user behaviour continues to worsen the problem. Password security is still weak, with many people using the same password for multiple accounts making them an easy target.
Our advice: Conduct regular information security training sessions to improve user education on IT security best practice. Advise your staff to use a password manager to control password reuse. Entering your email address into https://haveibeenpwned.com/ will reveal if your email has been compromised.
If you like what you’ve just read, look out for part two of the blog series coming next week!
Contact us for: Cloud Services, IT Security, Infrastructure Consultancy, IT Management & Support