It’s all too easy to relax your stance on combatting cyber security but in truth every organisation is at risk. Larger attacks are front page news for the media but small and medium-sized businesses are prime targets.
A PWC survey found that companies with revenues under £50m actually cut security spending by 20% in 2014, compared to a 5% increase in security investments by larger companies – making smaller organisations an attractive prospect for hackers. It may just be a case of haggling with suppliers to save the difference in costs or surveying the market for a better and more secure solution at a lower cost but you cannot lower your vigilance.
With the spate of recent high-profile security breaches, it seems all to easy to gain access to the most seemingly secure organisations whom we entrust with our most personal data. Unfortunately, it’s not until an organisation suffers a serious breach do we find out about how lax and un-regimented their security protocols were such as storing our passwords and data in unencrypted files or as clear text.
How many other well-known organisations are still doing this with our data and hoping every day that they are not the next name in the media gaze after having suffered a major breach. With organised crime now clearly targeting cyber crime as a substantial revenue stream, the number and complexity of breaches is and will continue to rapidly escalate.
The cost of a serious breach can be financially severe but more importantly can be catastrophic to your commercial reputation with many organisations failing to ever recover, often with further reputational damage inflicted through poor handling of the aftermath. I’m a great believer in all boards having a technology subcommittee to question and guide on technology issues as all boards have audit, remuneration etc. committees.
To prevent your organisation being susceptible to cyber security you must institutionalise your vigilance and make certain that your policies are well documented and clearly understood by everyone from the mail room to the boardroom (security should already be high up on your boards agenda).
It is imperative that everyone feels a sense of responsibility, is motivated to adhere to your policies and able to accept responsibility on an individual level.
It also means tightly integrating security in to your corporate strategy rather than trying to shoehorn it in at a later stage where it may be compromised or not fully engaged.
Simple things like passwords are still one of the easiest measures to tighten up as they have long been a thorn in the side of any organisation with many using seemingly simple to crack, often generic passwords across multiple services.
Going forward biometrics may resolve a large proportion of password issues and the cost of implementation will fall over time. Biometrics are seen as the next evolutionary stage of managing personal security with sectors like banking currently looking to implement fingerprint technology in to your future debit and credit cards to add an additional layer of purposeful security.
The truth is that many companies may not even know they have been hacked or their security probed until a ‘back door’ is found and exploited well after the attack(s) have taken place. This is a scary scenario and one that shows serious lapses in security practices which are ripe for exploitation by those so inclined.
So to reiterate, make sure your security practices and policies are well documented and clearly understood with everyone motivated and as vigilant as possible to ensure they are adhered to at all times.
After all, you don’t want to be tomorrows front page news!
This post has also been featured on the HP Business Value Exchange here