The crucial role of cybersecurity in the modern workplace

From server to smartphone, cybersecurity is essential everywhere to prevent data breaches and cyberattacks. The modern workplace — where you can work and collaborate anytime, anywhere, on any device — forms the most critical point to secure. The biggest security risks come from the user. How can you effectively secure the modern workplace without compromising productivity?

Every week, there is a news story about a cyberattack or a data breach, such as the hack of BabyTV or the data breach at the province of South Holland. These stories sometimes sound almost like fiction. The human factor often plays a significant role, and there was usually little awareness of the possible dangers. In the practice of most companies, data breaches and cyberattacks do not occur often, so little attention is paid to them. As long as things go well, there seems to be no need to act. Until something goes wrong.

Do not underestimate the risks

With the ongoing digitalization of business processes and the way we work, the dangers increase. According to the Cybersecuritybeeld Nederland 2023 (PDF), published by the National Coordinator for Security and Counterterrorism (NCTV), the digital threat remains significant, and cybercriminals are becoming increasingly sophisticated. The digital network that connects companies, suppliers, and products provides knowledge and scale advantages but also leads to risks and vulnerabilities.

For example, a ransomware attack at the Dutch Research Council (NWO) in 2021 caused delays in scientific research at universities and institutes. For smaller companies, a cyberattack or data breach can even disrupt operations to the point where the company’s future is at stake. This raises a crucial question that every company must answer.

How much risk are you willing to take as a company?

The NCTV advises in its annual report to ‘assume breach’: assume that a cyber incident has already occurred. What can go wrong? What data could you lose, and what would the consequences be? This helps clarify where you absolutely cannot afford to take risks, such as with administration, and where you can afford to take a bit more risk, such as with last year’s marketing materials. You can then tailor your security measures accordingly.

In our security services practice, we see that companies find it challenging to determine precisely which security measures are needed. The tendency can be to lock everything down completely, with all the consequences that entails for usability. The best approach is not a monologue but a dialogue. We onboard new clients with an assessment, guiding them on a journey to digital transformation. Learning to work with new tools and processes is usually a matter of getting used to and gaining experience, especially in the beginning.

Start with the devices

According to Microsoft, the workplace is the starting point for about 80% of all security incidents. This always goes through the device used for the workplace, whether it’s a PC, laptop, tablet, or smartphone. You always need a device to work with company data and applications, and that’s where you run the highest risk. Important security measures for devices include:

• Multifactor authentication: Not only logging in with a username and password but also with a verification code on your phone or email, or via facial recognition or fingerprint.
• Single sign-on (SSO): A separate login for each application is a security risk. With single sign-on, you replace all logins with just one login when you start the company environment.
• Passwordless authentication: Remembering and updating passwords can lead to sticky notes with passwords lying around. Microsoft is therefore pushing for verification without a password. If an application suddenly asks for a password, that’s a red flag.
• Locking your laptop when away: In a small company, there is little risk if you step away from your laptop for coffee. In a large office with outsiders, it’s better not to leave the payroll or financial program open.
• Securing company data on the device: Lost or stolen device? It’s reassuring if you can remotely end access to company data, for example, by resetting the device to factory settings.
• Regular software updates: Ensure all software on the device is up-to-date. Updates often contain patches for security vulnerabilities that malware or hackers can quickly exploit.

Even these basic measures for devices require some level of coordination. For instance, do you enforce updates or do you first warn your users a few times? On top of that, there is a whole range of security measures that can be implemented, depending on the organization. In our view, the needs and preferences of the business should guide these measures.

Use business needs as a guideline

The products and services shaping the modern workplace are standard. The real differentiation comes from optimally facilitating unique business processes with these products and services. This creates a workplace with added value, allowing your company to stand out to your customers. For example, think of a sales representative who efficiently showcases new products and trends on a tablet at a client’s location; a financial employee who quickly consolidates purchasing and sales data; or a product manager who easily connects suppliers via a portal. By understanding the business clearly, you can make business processes smoother and more secure.

For this reason, we ask new clients about their working methods. What are the roles and personas? What processes and data are involved? What goals are being pursued, and how can these be achieved more easily? It’s about uncovering the underlying business questions. We prefer to speak with the representatives, employees, and specialists who interact with clients daily. With this approach, new security measures are well-received in practice, and employees become more aware of potential risks.

Evolving cybersecurity

Cybersecurity, unfortunately, is not a matter of setting things up correctly once and for all. Cybercriminals are always active, and as an organization, you cannot afford to stand still. The challenge of adapting lies not so much in the technology but in its adoption. Awareness of current and emerging threats is necessary. As a Digital Survival Company, we discuss with our clients monthly the improvements we observe and new developments. A new market, target audience, or product must also be examined from a cybersecurity perspective. This helps in assessing the risks to the business.

The user is central: they are the ones who interact with clients and build the business every day. By facilitating a modern workplace that makes working and collaborating easier and more secure, productivity and protection against cyber threats are enhanced.