Date Published 17 Feb 17
Do you know who is responsible for cyber security in your business? If you don't, it appears you are not alone. New research carried out by BAE Systems among Fortune 500 companies has revealed a big disconnect when it comes to dealing with cyber breaches.
Of the 1000+ IT managers and executives surveyed, half of the IT staff believed that dealing with a cyber attack was the job of management, while a third of chief executives believed the opposite: that it was the IT department's job.
Whatever your point of view, the research highlights a fundamental requirement when planning your cyber security strategy: there must be buy-in from both your board and your IT staff. Leaving cyber security to a single department leaves businesses of every type and size vulnerable.
When the World Economic Forum lists cyber security as one of the greatest threats to business, and the EU security commissioner estimates that the cost of cybercrime to the financial services industry alone could reach £1.5bn this year, it is clear that we have to take cyber security seriously.
Here are some of the steps to consider to reduce the risk of being affected:
Make cyber security a management issue. Create a clear set of data protection and privacy policies that all staff have to follow, and make sure they are being enforced. Treat any non-compliance with these policies as a serious HR issue.
Fully protect IT systems and monitor them constantly for anomalies. If you use a third-party software, cloud services or infrastructure provider, check that they share your approach to compliance and data protection. How do they protect the services they provide and their data centres? Do they operate to the relevant ISO, legal and/or government security standards? If you use the big public cloud providers, check where your responsibilities lie: each publishes a shared responsibility model that sets out which controls the provider operates and which (typically your data, identities, access control and configuration) remain yours.
All staff, not just those in the IT department, should be educated about new and existing threats and how they can be mitigated. A simple mistake by a member of staff, such as opening a malicious email attachment, can open the door to attackers. Training staff well and refreshing that training regularly helps minimise the likelihood of a breach.
Data protection regulation is being updated as governments understand more about the risks. Keep your business safe by adhering to relevant legislation. Whatever the outcome of Brexit, the new EU General Data Protection Regulation will apply in the UK from May 2018. Those who leave it too late to comply with the new rules could face substantial fines, which under the GDPR can reach €20m or 4% of global annual turnover, whichever is higher.
As Oliver Parry, head of corporate governance at the Institute of Directors, said in response to the research, "Lasting cybersecurity only comes from embedding good practice throughout the culture of an organisation, starting from the top."
Sadly, there is no single silver bullet to save your business from becoming the target of a cyber attack. However, by following the guidance above you can make it a lot less likely to succeed.
To find out more about how you can protect your business, join my roundtable on "The Importance of Business Continuity and Disaster Recovery" at the Executive Leaders Network event in Reading on 9th March 2017.