How To Be Smart With Security

JM Group
10 July 2017
 

What are your most important assets? Your people, staff, employees, or that awful term, human resources.
What is the biggest threat to your organisation? The same.

The Danger Within
People are important because they are intuitive, innovative, creative, responsive, curious, and at times, unpredictable. It's that mix of abilities and attributes that creates the magic you depend on to provide the value your customers pay you for. It's also that mix of abilities and attributes that leads to the biggest single risk to our businesses.

It's our curiosity that leads us to click on the link in an email that downloads a cryptolocker virus, which then locks us out of our data and demands a bitcoin ransom. It's our desire to be responsive that makes us insert the nearest USB memory stick to hand, one that contains monitoring or destructive malware, into our laptop. And it's our focussed creativity that makes us leave that laptop in a bar, a laptop that just happens to contain a client database packed with the names, addresses and credit card details of their customers.

And that's assuming any data lost or damage caused is entirely accidental. If one of your employees has a grudge or financial incentive, suddenly the problem multiplies.

Our most important assets are also our biggest threats. You can't live with 'em, you can't live without 'em!

Malware as a Service (MaaS)
According to the 2016 Verizon Data Breach Investigations Report (DBIR), the two fastest growing threat types are 'Person' (primarily phishing attacks, aimed at duping people into clicking on email links or opening rogue attachments), and 'User' (devices, such as smart phones and tablets). That puts our people front and centre of the 'attack vector' of choice for the bad guys. And the mechanics behind these attacks are industrial in scale, to the extent that new cloud-based industries are developing, called MaaS (Malware as a Service) and EaaS (Exploits as a Service). They even have helplines and money-back guarantees! So it is really a case not of 'if' we are going to be hit by a cyber or data-loss incident, but 'when'.

Another scary statistic is that 75% of all malware is custom written and not recycled. That means people are targeting our businesses directly using these cloud-based services.

So What's a Company to Do?
There are various strategies IT can put in place: network monitoring systems, minimum access privileges, role separation, anti-virus applications, data loss prevention systems, 'explosion sandboxes', and AI-designed enterprise immune systems or behavioural analytics that use machine learning to detect 'good' and 'bad' behaviour. Many and varied. These are all worthy of your consideration and add to the layered defensive strategy you should be implementing.

However, the single most effective way to reduce your risk is to sharpen up your staff. Teach them what is good and not so good, what is likely to lead to a problem and what isn't. And, just as important, what our clients expect us to do with their (and therefore your) precious assets.

In the knowledge economy, data in all its forms is the second most precious thing we have. Yet we tend to assign it only third-rate protection. You wouldn't let me loose on a particularly complicated piece of the Large Hadron Collider without some significant education. So why do we let untrained people loose on our clients' data, or your own?

There are many ways to do this, which I'm not going to go into here, other than to say that it should be slightly more imaginative than a poster saying, "Be careful with that spreadsheet!" A separate post, perhaps.

The Opportunity
The trick we are really missing here, though, is the opportunity this presents to actually impress our clients even more than we currently do. Assuming I'm not the only one noticing the increase in cyber threats and data loss, data theft and the sudden increase in use of bitcoins, our clients should be increasingly concerned with how their data is being handled. TalkTalk, the Panama Papers, WADA, DNC: the number of major incidents of systems being hacked, and often by the simplest means, is growing.

If I was a client handing my data to a supplier I would want to feel assured that it will be safe in their hands. We of course provide all the written and contractual assurances, but I'm sure Mossack Fonseca in Panama gave these to their customers. As a client, what would be much more convincing is if the people who were working directly on my business could talk intelligently to me about information security, how my data is managed, protected, processed, and how those with access to it are trained to maintain that confidentiality, integrity and availability. And even better, to be able to demonstrate that too.

When I put my car in for a service, if I see the mechanic putting oil in the washer bottle I'm going to be a little concerned. If he or she says they've replaced the diesel filter when it's an electric car, I'm going to start asking questions.

This doesn't mean we have to start educating our Account Directors about encryption types, nor our Marketing Directors about each of the 114 controls in the ISO27001 information security standard. What we should be doing, though, is integrating subject-level, common sense, non-technical help about information security for all of our staff.

Dancing with Clients
But especially to those client-facing folk, so they can talk intelligently about data residency, retention policies, access restrictions, backup & restore requirements, and yes, at a high level, use of encryption (then hand over to those that know most about that stuff); in other words, what 'good' looks like, what 'bad' looks like, why it's important, and what the consequences of going off-piste look like to not only the client, but also your business.
(Of course you have to be doing all this stuff, as well as talking about it.)

If you can do this, not only will you be much better at looking after what's most important by addressing the single biggest threat to your vital company assets, but you should also have a much more confident client. And that can only be a good thing.

By Gavin Whatrup

www.sales-filter.com

Sales Filter creates value for their CIO/CDO/CxO network by sharing relevant knowledge and innovation that is of interest to them, "Filtering" out unwanted sales approaches and content.

 
