Newton’s Third Law and how it guides enterprise security

For the physics-challenged, Newton’s Third Law of Motion was famously coined by physics pioneer Isaac Newton and goes something like this: for every action, there is an equal and opposite reaction. Over the past couple of years, the evolution of technology has drastically remolded the workplace. Employees are no longer confined to a cubicle, and can work remotely.

With the COVID-19 pandemic plaguing countries globally, remote working and hybrid working have gained significant traction. As the disease can be transmitted easily, especially within crowds, an increasing number of companies are encouraging their employees to work outside of office buildings.

Indeed, this brings much flexibility. After all, all that is needed at a basic level, is a device with the necessary digital tools and a decent internet connection. However, Newton’s Third Law holds true, even in the case of technology-driven advancements. For every step forward technology takes, there is an equal and opposite pullback: an increased risk of cybersecurity threats.

Data becomes exponentially vulnerable when employees work remotely, and for good reason. Some factors that contribute to data breaches include having employees ‘shadow IT’, where personal systems are being used instead of company ones.

For example, an employee might download and share sensitive data with fellow co-workers over an unsecured connection, or download information onto unprotected devices. Other times, employees might carelessly leave company laptops in airports or trains, or bring hard copies of confidential documents off-site, only to lose them.

Albeit tricky, it is not impossible to practice remote working, and protect company data at the same time. Employees must first be fully aware of the gravity of cybersecurity breaches, and how to mitigate them. A breach could potentially cause a company millions upon millions of dollars. In 2018, 300 million customer’s personal data were compromised by the hotel chain Marriott, resulting in the company being fined in multiple jurisdictions, and up to 100 million pounds.

Employees must recognize that not only would a breach cause the potential loss of reputation for a company, it would also put their jobs at risk. They have the responsibility of protecting company data, and ought to fulfill it through simple precautionary measures such as not accessing company information through public WiFi, enabling email encryption, and most importantly, reporting any suspicious activity to IT staff immediately.

With sudden pandemics like COVID-19, most outdated IT systems would not be able to cope with the extra workload that comes as a consequence of the surge of employees working remotely. Systems would crash, or, to overcome system bottlenecks, employees would resort to moving confidential data to personal cloud storage or even social media platforms.

Thus, it is crucial that employers not be too comfortable with existing IT systems, constantly monitoring and updating them. Other simpler first-line defense measures can also be taken by employers, and these include changing WiFi passwords regularly, having proper antivirus software, and a good data encryption system.

Given how Newton’s Third Law reminds us of the potential unintended consequences of surging enterprise digitalization, it is also vital that employers consider cyber insurance. Of course, this should not take the place of strategic risk management, or continued investment in employee training and awareness. As digital tools and services continue to evolve, cyber threats are only going to increase in variety and complexity. Thus, it is imperative that business leaders not take cybersecurity for granted.

---

---

---

---