CEO Today magazine hears from Isaac Daniel, CEO at Macate, on the dangers and risks surrounding cyber security, offering 5 major considerations any CEO should make.
The recent global NotPetya and WannaCry ransomware attacks on WPP and NHS England both illustrate the immense threat cyber-attacks pose and should leave cybersecurity at the forefront of CEOs’ minds. Yet many are still worryingly unprepared, largely due to a misunderstanding about which measures are most effective, and how best to implement them.
In today’s complex digital landscape, where businesses are increasingly reliant on mobile technology and internet access, every company is a target and CEOs can no longer afford to turn a blind eye.
Understanding the risks
In order to create a holistic cybersecurity strategy, CEOs need to understand the risks that cyber-attacks pose. Once the General Data Protection (GDPR) Act is implemented, businesses will have just 72 hours to report a breach of personal data, or face fines of up to €20,000,000, or 4% of global turnover. These new non-compliance fines are likely to cause significant setbacks for large businesses and would cripple almost all SMEs.
Aside from the financial implications, the reputational damage associated with compromising customers’ data can be devastating for businesses. Companies without a concrete, holistic, cybersecurity strategy will ultimately be leaving a door open for cyber breaches.
Separating IT and Cybersecurity
In many organisations, IT departments are left to assume responsibility for managing cybersecurity. This practice not only increases the workload on teams with little to no cybersecurity experience, but also leaves IT professionals to audit and assess their own systems; a practice which simply isn’t appropriate or effective. CEOs need to implement firm governance structures which create clear divisions between the IT and cybersecurity teams to ensure their networks are effectively monitored.
Implement 24/7 monitoring
Existing cybersecurity measures, such as firewalls, do not provide a rounded overview of network security in real-time, and leave companies in the dark about the strength of their infrastructure and the number of malicious attacks suffered daily. According to Verizon, 66% of cyberattacks go unnoticed by businesses for months on end.
While keeping costs low is a priority, CEOs need to invest in technology which provides a 24/7 overview of systems and continuously monitors network traffic. With this in place, businesses are better prepared to respond immediately and minimise the damage from loss of personal data, or the inability to access vital systems.
Leverage specialist hardware and specialist teams
For many organisations, leveraging an external team – as opposed to in-house – is the most cost-effective way to implement a cybersecurity strategy. It’s also important to consider remote devices, such as laptops and mobile phones, which have access to servers and secure or private data. Mobile security breaches can occur in several ways, from downloading malware-infected apps to connecting to an unprotected Wi-Fi network. As such, mobile phone encryption is definitely worth considering. 256-bit AES serves as a good benchmark, and is a standard that we have kept to in our debut UK mid-range mobile Genio.
Train staff in how to protect against cyber-attacks
Training staff in how to protect against cyber-attacks is also fundamental to an effective cybersecurity strategy. According to a 2015 report published by the UK’s Information Commissioner’s Office, human error accounts for almost 66% of cybersecurity incidents. Teaching workers to recognise phishing emails – particularly on a mobile device where formatting may make them less apparent – will significantly reduce the threat of attacks.
A formalised training plan, well-defined governance structure, and hardware encryption are fundamental to protecting against cyber-attacks. In today’s digital landscape, CEOs can no longer afford to overlook cybersecurity issues, and those who act now stand the best chance of protecting their business, and by extension their customers’ data.