As we move ever closer towards a digital environment, cyber-attacks are constantly evolving and becoming more regular.
With this in mind, it’s never been more important for organisations to prioritise investment in digital services if they are to deliver the best possible outcome for both their employees and the customers they serve. Failing to do so not only impacts an organisation financially; even more worrisome, the impact on a company’s reputation and credibility can be quite significant.
With the level of attacks on UK and global organisations at a critical point, a punitive risk has the potential to make or break organisations. Development of a mature approach to data in this modern age is therefore critical, and the first step is recognising that data protection, storage and assessment are a key part of the overall organisation.
Data Protection Bill
From where you live, to your bank details to the latest item you purchased, it’s difficult for customers to not leave a trail of data when going online, engaging or interacting with a company.
When thinking about the enormous volume of data at employees’ fingertips in today’s organisations, we need to question whether preventative measures to ensure this remains protected are in place.
Introducing: the new Data Protection Bill.
At a time when organisations of all sizes are being overwhelmed with data, the bill has the potential to completely reshape the way in which we approach data protection in the UK. In tandem, it brings into focus how important maintaining the security of the data is, with UK firms that suffer a serious data breach risking a fine of up to £17m or 4% of global turnover. This means that now more than ever, data privacy management is as important to customer retention as the overall buying experience.
But even if organisations plan to invest in cyber security systems, these investments may be meaningless without the right people in place to make them work.
A recent Fujitsu survey – ‘The Digital PACT’ – found eight-in-10 organisations point to digital skills as the biggest hindrance to their cyber security function. A reluctance to address this could be partly down to many organisations not considering themselves a ‘high value target’ for attacks, playing the ever so unknowing and oblivious ‘doesn’t apply to me’ card. Taking a ‘head in the sand’ approach can mean a lack of protection and of investment in staff training and awareness.
Companies both big and small must build teams that reflect this reality, and take responsibility for the data they hold. Because, after all, with great power comes great responsibility.
Where does the responsibility lie?
In recent years, more often than not, a breach in security can be down to the behaviour of an individual within an organisation; therefore each and every employee across the organisation is responsible for its own security and integrity.
A common mistake has been to place responsibility on the IT team, because the term ‘cyber security’ can often relate to how data is managed, processed and stored. However, because all areas of an organisation – from finance to HR to marketing – leverage data in their day-to-day work lives, the truth is security affects everyone. Organisations must therefore foster and grow teams that reflect this, drawing on expertise from all corners of the business and more.
After all, this is a shared issue that must be addressed collectively.
Education in cyber-attacks starts with a conversation
Whilst addressing the skills gap through initiatives such as T-Levels and Government schemes – such as the introduction of cyber security lessons in schools in a bid to find the experts of the future to defend the UK from attacks – is a great first step, it’s important we not forget about the current workforce.
With new Ponemon research – sponsored by Accenture – finding 55% of workers cannot remember receiving cybersecurity training, one thing is clear – a lot still needs to be done to educate the workforce in simple best practices such as flagging ‘unusual’ emails from colleagues and not clicking on links from unknown senders.
If organisations are to ensure they remain competitive and secure, exploring ways in which they can enhance the employee line of defence against cyber-attack is vital. How? By giving them the appropriate training and tools to do so.
To encourage proactivity, organisations should establish workshops to discuss how they manage and secure their data, what their environment consists of and how they think about cyber security within their practice area. To quickly show weaknesses in systems and gaps in knowledge, having conversations about what they consider as critical data and what makes up good password practices is an effective place to start.
Cyber security: a ‘people’ issue
With employees on the frontline of the cyber security war, it’s time organisations wake up to the fact that cyber security is no longer just a technology issue – it is now a ‘people issue’.
Ensuring employees are more cyber-aware through effective training schemes will still be one of the most cost-effective ways to reduce the financial and reputational impact of human error. However, it’s still important to bear in mind that this doesn’t mean companies should de-prioritise investment in technical and security controls. For example, investing in new technologies such as analytics or artificial intelligence can help move a company’s position from being on the back foot to understanding the entire attack from start to finish. How? Data available within their systems can be analysed to detect and respond to an attack in real-time, helping to minimise the impact on the wider company, its employees and customers.
With all of this in mind – one thing is true: it is only with such tools and strong, all-encompassing training programmes, that organisations can best safeguard themselves and their customers from the many threats of today.
James Longworth, Solutions Architect Manager at Insight UK