A failure to manage risk is risky business

Cyber security affects companies’ credibility and capacity to operate in the digital world, explains Sam Jones, project development executive at BGi.uk

Cyber-crime is unquestionably one of the biggest threats facing the world today. Yet in a constant stream of warnings and advice, we are still seeing a disjointed approach to mitigating and managing the risks businesses face through being connect to, and operating in, the digital world.

Recent research by the Insurer Zurich stated half of SMEs will not invest more than £1,000 on Cyber security. Whilst there is no silver bullet, if you suffer a Cyber-attack or failure it is evident that the more resilient you and your business are the more likely you will survive the event. Cyber-protection – or increasing your organisation’s Cyber-resilience – requires investment of financial and intellectual resources. This is Risk Management.

Data is at risk from thieves, hackers and, of course, it can be accidentally lost or damaged. What in your Cyber-world has a value to you or others? With the introduction of the General Data Protection Regulation (GDPR) the data you hold comes with a huge responsibility, indeed, a liability. You need to consider what is likely to be targeted, where the value is in your system and where you are vulnerable.

The data on your system will be composed of information on your staff, employees, suppliers as well as the day-to-day details of your business operations. Not only must a business protect the systems, where data is used and collected, but also backing up the data to secure servers should be a priority. The ability to recover lost or damaged files is key to managing risk and increasing resilience. A market leading service such as Datto can restore data within hours and recovering your data expediently will enable you to carry on your activities and processes – more or less without interruption.

Of course, a data breach is just one of the threats facing businesses. Ransomware can block systems, denying access and interrupting trade. We all know the old adage that time is money and not only are profits hit but reputational damage can be long lasting and hard work to repair.

Businesses have a responsibility to all stakeholders to act in a safe manner and secure systems and data accordingly. The increased connectivity on the internet enabled world mean malware can spread to suppliers and clients. A company’s reputation, and value, can rapidly diminish from a poorly managed data breach through social media and 24 hour news reporting. Business will need to ask themselves if they have done all they can because if they have not then they have failed those trusting in their services.

Effective implementation of data protection regulations will help develop your Cyber-risk Management strategy and protocols. Whilst complying with regulation can seem an onerous and costly task, it can also be viewed as a good foundation toward improving your resilience to Cyber misfortune. Encrypting data, appointing a Data Protection Officer and implementing a data breach monitoring process are all required for GDPR. These are good starting points. Efficient implementation should reduce your investment costs on compulsory compliance whilst enhancing your security credentials.

The Human factor is often the weakest link in the chain but with the right training, an improvement in individual online behaviour can dramatically reduce the chances of a security breach. Key to Risk Management is increasing awareness and education at every level of the organisation: particularly its management and directors as they invariably have access to most parts of the system, the greatest amount of information to lose – and the authority to break the rules. Cyber-Security is not just an I.T. department problem.

Featured in: