How To Be Smart With Security

JM Group
10 July 2017
 

What are your most important assets? Your people, staff, employees, or that awful term, human resources.
What is the biggest threat to your organisation? The same.

The Danger Within
People are important because they are intuitive, innovative, creative, responsive, curious, and at times, unpredictable. It's that mix of abilities and attributes that creates the magic you depend on to provide the value your customers pay you for. It's also that mix of abilities and attributes that leads to the biggest single risk to our businesses.

It's our curiosity that leads us to click on the link in an email that downloads a cryptolocker virus, which then locks us out of our data and demands a bitcoin ransom. It's our desire to be responsive that makes us insert the nearest USB memory stick to hand, one that contains monitoring or destructive malware, into our laptop. And it's our focussed creativity that makes us leave that laptop in a bar, a laptop that just happens to contain a client database packed with the names, addresses and credit card details of their customers.

And that's assuming any data lost or damage caused is entirely accidental. If one of your employees has a grudge or financial incentive, suddenly the problem multiplies.

Our most important assets are also our biggest threats. You can't live with 'em, you can't live without 'em!

Malware as a Service (MaaS)
According to the 2016 Verizon Data Breach Investigations Report (DBIR), the two fastest growing threat types are 'Person' (primarily phishing attacks, aimed at duping people to click on email links or open rogue attachments), and 'User' (devices, such as smart phones and tablets). That puts our people front and centre of the 'attack vector' of choice for the bad guys. And the mechanics behind these attacks are industrial in scale, to the extent that new cloud-based industries are developing, called MaaS (Malware as a Service) and EaaS (Exploits as a Service). They even have helplines and money-back guarantees! So it is really a case not of 'if' we are going to be hit by a cyber or data-loss incident, but 'when'.

Another scary statistic is that 75% of all malware is custom written and not recycled. That means people are targeting our businesses directly using these cloud-based services.

So What's a Company to Do?
There are various strategies IT can put in place: network monitoring systems, minimum access privileges, role separation, anti-virus applications, data loss prevention systems, 'explosion sandboxes', AI-designed enterprise immune systems or behavioural analytics that use machine learning to detect 'good' and 'bad' behaviour. Many and varied. These are all worthy of your consideration and add to the layered defensive strategy you should be implementing.

However, the single most effective way to reduce your risk is to sharpen up your staff. Teach them what is good and not so good, what is likely to lead to a problem and what isn't. And, just as important, what our clients expect us to do with their (and therefore your) precious assets.

In the knowledge economy, data in all its forms is the second most precious thing we have. Yet we tend to assign it only third-rate protection. You wouldn't let me loose on a particularly complicated piece of the Large Hadron Collider without some significant education. So why do we let untrained people loose on our clients', or your own, data?

There are many ways to do this, which I'm not going to go into here, other than to say that it should be slightly more imaginative than a poster saying, "Be careful with that spreadsheet!" A separate post, perhaps.

The Opportunity
The trick we are really missing here, though, is the opportunity this presents to actually impress our clients even more than we currently do. Assuming I'm not the only one noticing the increase in cyber threats and data loss, data theft and the sudden increase in use of bitcoins, our clients should be increasingly concerned with how their data is being handled. TalkTalk, the Panama Papers, WADA, the DNC: the number of major incidents of systems being hacked, often by the simplest means, is growing.

If I was a client handing my data to a supplier I would want to feel assured that it will be safe in their hands. We of course provide all the written and contractual assurances, but I'm sure Mossack Fonseca in Panama gave these to their customers. As a client, what would be much more convincing is if the people who were working directly on my business could talk intelligently to me about information security, how my data is managed, protected, processed, and how those with access to it are trained to maintain that confidentiality, integrity and availability. And even better, to be able to demonstrate that too.

When I put my car in for a service, if I see the mechanic putting oil in the washer bottle I'm going to be a little concerned. If he or she says they've replaced the diesel filter when it's an electric car, I'm going to start asking questions.

This doesn't mean we have to start educating our Account Directors about encryption types, nor our Marketing Directors about each of the 114 controls in the ISO27001 information security standard. What we should be doing, though, is providing subject-level, common-sense, non-technical help about information security to all of our staff.

Dancing with Clients
But especially to those client-facing folk, so they can talk intelligently about data residency, retention policies, access restrictions, backup & restore requirements, and yes, at a high level, use of encryption (then hand over to those that know most about that stuff); in other words, what 'good' looks like, what 'bad' looks like, why it's important, and what the consequences of going off-piste look like, not only to the client, but also to your business.
(Of course you have to be doing all this stuff, as well as talking about it.)

If you can do this, not only will you be much better at looking after what's most important by addressing the single biggest threat to your vital company assets, but you should also have a much more confident client. And that can only be a good thing.

By Gavin Whatrup

www.sales-filter.com

Sales Filter creates value for their CIO/CDO/CxO network by sharing relevant knowledge and innovation that is of interest to them, "Filtering" out unwanted sales approaches and content.

 
