Do your digital security measures evolve with technology?
Keith Buzzard CTO
In a recent conversation with colleagues, we were celebrating (and lamenting) the technology available to us in 2023. And how different things were in the world of tech when we first got into the industry.
Things got nostalgic very quickly. Remember when we had a different RSA Token for every account? When was the last time you used a TomTom to navigate from one place to another? Remember when we had to actually call someone to order a pizza? Now we can do all that and more on our phones.
It prompted the question: Could you live without your phone?
I think we would all like to say that we could, but when you start thinking about how much we use our phones, and what for, it becomes clear that life without our little pocket computers can be frustrating at best, and impossible at worst.
This should be a task that requires no interaction with your phone, right? Let us count the ways…
But what does all this have to do with keeping your organisation cyber secure, I hear you ask? Most of us need our phones for work, for authentication apps, using collaboration tools, contacting clients, or communicating with colleagues.
Technology changes so fast, but do our security measures evolve as quickly?
The evolution of the way we use our phones has been progressing so rapidly that, unless you’re in the business, most of us haven’t really noticed. But this naivety can be dangerous when it comes to protecting your data, and that of your organisation. Here are some examples of how cyber security has changed:
Social sign-in. Signing up for an account on a website using social media or Google login details can be quick and simple with no password to remember. But that simplicity comes at a ‘price’; you allow sharing of your data with third-party apps/websites, which may not have the same level of security as the main platform.
Biometric data is another part of everyday cyber security which we use through our phones. You often use a fingerprint or face scanner to gain access to certain apps (e.g., for banking), and even just unlocking your phone. It’s an incredibly useful tool in multifactor authentication.
The Internet of Things (IoT) means any device that is connected to a network—such as a Smart Speaker, smart watch, smart doorbell—can be controlled through apps and are often constantly monitoring audio data so that they can respond to their triggers (e.g., ‘Alexa…’ ‘Siri…’). The main risk when using IoTs is a lack of updates of their software. If a malicious actor is able to gain network access smart devices are often vulnerable targets – how often do you patch your smart lightbulb?
Multifactor Authentication (MFA) was primarily RSA Tokens. Now we get our security codes through our phones either via text, email, or even an app. The MFA codes on apps are often used to access our business devices, such as laptops.
Cloud networks and collaboration tools have swiftly become the default for many organisations as more of us work in hybrid or remote roles. These tools are an excellent way to work on documents with your colleagues and share data easily. The security risk comes from not owning the servers in which much of the data is stored, so ensuring your data is protected is not so simple.
When it comes to protecting your data whilst still allowing staff to use the latest technology, you’ll need to make sure that processes and procedures related to technology are updated regularly. By ensuring that you have the correct procedures in place and that your team are fully aware of the risks, and what to do in case an attack is attempted, you can ensure that your data remains secure.
Our data protection specialists at PGI are experts in helping organisations prepare for the ever-evolving tech landscape, where we are increasingly dependent on personal devices as collaboration tools and for multifactor authentication in the workplace. Talk to us to see how we can help you.
The most serious argument I’ve ever had with a very good friend came when they challenged me to a game of Crash Team Racing, a spinoff from the Crash Bandicoot universe in which you race characters in go-karts.
On 02 December, a 7. 6 magnitude earthquake struck the Philippines; and almost immediately after, my X (formerly Twitter) feed was filled with posts about it.
An IT Health Check is an annual assessment required for public sector organisations using the government’s Public Services Network (PSN).