Paul Kelly: Basic cybersecurity protects against 98% of attacks


Paul Kelly explores the growing importance of basic cybersecurity training for staff. Given the rising number of cyberattacks targeting enterprises and new research revealing that employees are unable to detect phishing emails, the issue is more prominent than ever.

Offering hybrid working can liberate employees, help attract top talent and enable teams to do their best work from the location that works best for them. While the benefits for employers and employees are many, cybercriminals are also on the lookout for the opportunities this presents.

As organisations shifted to hybrid working, the attack surfaces for cybercriminals to exploit have grown exponentially. This evolving threat landscape has taught us all some tough lessons over the past eighteen months, a key takeaway being that security awareness and doing the basics matter. 

While there has been a growing number of sophisticated cyberattacks, data shows that many cybercriminals still favour tried and tested methods. In fact, Microsoft research shows that phishing – or email scams – is responsible for almost 70 percent of data breaches.


 

A primary way criminals get in is through an unlocked door, so leaders need to ensure their employees are equipped with tools and knowledge to recognise and flag potential incidents. And, with Microsoft research revealing that basic security hygiene protects against 98 percent of cybersecurity attacks, nailing the basics is critical.

 

Attacks against enterprises are increasing, and so is the cost

In the last year alone, 4 in 10 UK businesses (39%) reported some kind of cybersecurity breach and this number has the potential to increase if businesses do not adequately secure their digital transformation efforts. The figure is even worse for small businesses, with one small business in the UK hacked successfully every 19 seconds, according to Hiscox.

The cost of a successful breach can also be extremely damaging, both to finances and reputation. The UK government estimated that cyberattacks cost businesses over £21bn a year, while Forrester revealed that 38 percent of businesses have lost customers due to security issues – with 44 percent of UK consumers claiming they will stop spending with a business temporarily after a data breach.

Certainly, there’s a lot on the line when it comes to ensuring that organisations are properly protected. Leaders need to implement practical security measures and create a strong security culture, so employees have a clear understanding of the dangers posed by poor cybersecurity hygiene.

 

Basic threat protection and mitigating risk

As organisations connect more and more systems together, security can become more complex, but organisations need to ensure that the diversity of skills, areas of expertise, work and learning styles, and backgrounds, among other things, is respected.

 The simple, practical steps any organisation can take to reduce their risk include making sure that they:

  • Get the Basics Right – In our personal lives, we’re all well used to a text message code from our bank, healthcare provider or online store to double check we are who we say we are. In a work context, this is an example of multi-factor authentication, a first key step to protecting against cyber threats. There are many ways this can be achieved – text message, mobile app, phone call etc. Biometric solutions such as facial recognition (e.g. Windows Hello for Business) are great for providing a slick, modern logon experience while also offering enhanced security without having to remember a password.
  • Apply least privilege access to prevent attackers spreading across a system. In the same way as you would determine HR access to sensitive information based on role and level, this method works by setting rules on employee accounts that make sure they can only access the information they need to do their job, rather than the entire system.
  • Ensure devices, infrastructure and applications are up-to-date and correctly configured. Attackers look for easy targets: organisations that have not kept their systems up to date with the latest security updates. This potentially presents an open door for them. However, there are a range of tools that can help to keep an organisation up to date, such as Microsoft Endpoint Manager, which can secure each touchpoint in an organisation’s IT infrastructure.
  • Utilise cloud-connected anti-malware for accurate detection and protection against the most current attack methods, and implement basic information protection best practices – such as sensitivity labels – and data loss prevention policies.
  • Democratise security awareness – educate your employees on what to look out for, help your leadership team understand the importance of security, and build diverse cyber security teams. The National Cyber Security Centre provides ‘Exercise in a Box’ – a great online tool which helps organisations find out how resilient they are to cyber attacks and practise their response in a safe environment (Exercise in a Box – NCSC.GOV.UK).

 

Put your people first

Building a people-first security culture is just as important as practical methods to protect your organisation. Training should be ongoing, designed to increase awareness and engagement. User training is not just a compliance activity but an essential part of the early detection and response to an attack.

Security training must also explain the risks in the context of the employees’ area of work, and provide the context and tools they need to recognise attacks, understand the appropriate behaviour and report unusual activity. A culture of enablement, trust, and engagement will significantly improve reporting and provide earlier warning of attacks.

By creating a people-first security culture, organisations will be able to ensure their users and data stay safe in a hybrid environment, while ensuring their employees stay productive and collaborative.

While cyberattacks are increasing and becoming more sophisticated, good cyber hygiene and security awareness are the best way to disrupt, prevent and detect such attacks. Do the basics well and organisations can set themselves up to ensure the businesses and their employees are protected.

_

Paul Kelly is the Director of the Security Business Group at Microsoft UK.

 

Paul Kelly is UK Country Co-leader at AlixPartners, a global management consulting firm. He specializes in organizational transformation, finance, and the impact of emerging technologies on workforce dynamics. Kelly has contributed thought leadership to HRreview on topics including AI's impact on entry-level finance roles and broader workplace changes. His expertise spans strategy, digital transformation, and human capital implications of technological change in financial services and professional services sectors.
