Getting cyber security right is not easy. Even the largest organisations can find themselves in difficulties – as the recent high-profile problems encountered by Yahoo and TalkTalk show. But it is especially challenging for smaller organisations without the headcount or budget to cover every angle in detail. What should you do to give your organisation the best chance of success?
Seeing the bigger picture
Cyber security is a multi-faceted problem. You’ll need to take a step back and look at the issue on all fronts. Neglecting any one of them may leave a point of vulnerability open to attack.
As things stand, there is no well-defined market of specialist cyber security advisers. “Cyber” and “security” are multi-disciplinary areas covering IT security, information management, insurance, regulatory and legal matters. The temptation is to focus on one area at the expense of the others, but you’ll need to see the bigger picture. While the market develops (and you can help that by calling for a one-stop service), develop a small network of internal and external advisers and peers, and obtain their contributions either as a team or individually.
Bring cyber security into the here and now
Expenditure now may feel like it is not really necessary. Most businesses do not suffer a serious breach in any particular year. Can’t the effort be focused on dealing with a breach if it happens?
But the regulations and fines for failure are tightening up. Under new EU data protection laws, self-reporting of breaches will be mandatory. Currently, the official position is that it is voluntary, although in practice there are a number of factors to consider and in many circumstances self-reporting is a good plan. The UK Information Commissioner would like UK law to align with the EU, even after Brexit. And users and regulators are starting to find the links between undetected or unreported SME cyber breaches and “bad stuff happening to ordinary people”. The net result is that ignoring cyber security risk is increasingly not an option.
One of the single most effective things you can do is to provide regular training for staff, supported by up-to-date policies which set clear standards and boundaries. Build awareness of cyber security into your culture so that everyone in the organisation is alive to the issues and knows when to take action.
A top-level issue
Like customer experience, user experience and information management, cyber security is an issue within the IT function requiring strategic leadership at the highest level. There’s every reason for IT professionals to grab the bull by the horns.
Read more at ITProPortal.