Further to some thoughts that occurred to us in a tete-a-tete with Financial Express, (see media article here) we decided to pen down a series of Myth-Busters so that the adoption of Remote Work is neither marred nor mis-directed. This is the third in the series.
The Myth that Cyber security trainings ensure data protection…
As has been rightly said by the esteemed Yuval Noah Harari for the 21st century, “data will eclipse both land and machinery as the most important asset”.
In many cases of businesses that have transitioned to Remote or Hybrid Work, hardware such as laptop/ keyboard/ mouse/ screen is provided alongside a good connection, and supplemented by cyber security trainings to protect data.
Let us consider a few points;
(1) an organization, its client’s and its employee’s key asset, i.e., data, is lying across thousands of pieces of partly protected hardware,
(2) individuals, organizations, collectives, corporates and governments are all fighting to retain control of the data,
(3) multiple family members, including children, have access to employees’ hardware,
(4) there is a whole class of cyber criminals targeting this data and if they cannot obtain the data themselves, they simply deny access to the data to its rightful owners until a ransom is paid,
(5) governments will have no choice but to start protecting the data and people’s rights by imposing fearsome penalties, a trend that has already become quite prevalent.
Given (1) what’s at stake and (2) the fact that cyber security trainings are unlikely to protect against a creative and determined attacker with malicious intent and (3) the fact that employees are not the only source of risk in a remote or hybrid environment there is a need for the right kind of hardware, design, controls and policies to be instituted.
The alternative is to “plug and pray”.