Technology is truly a double-edged sword. You can’t live without it in today’s business environment but living with it invariably entails coming to grips with all its attendant risks – and there are many! Imagine how liberating it would be, if technology was allowed free reign in support of business – how far commerce could go, and how convenient doing business could become. Unfortunately, we don’t live in a perfect world, and business is not the ideal environment for the democratisation of technology, as many companies have realised, to their detriment.
What most firms fear today is not so much the advancement of technology (will droids take over our jobs?) but the disruption that results from having become too dependent on it. Cybersecurity is gaining traction because more and more businesses are recognising the irony of how the component expected to boost business may also be the major cause of its downfall. Rare is the company today that does not have a website but this is often the best way into an organisation’s network. To those who are intent on breaching the system, this is like an invitation to a buffet!
So what can companies do to protect themselves from such breaches? The first step is to identify what and how much confidential or valuable information the company has; the second is where the major risks stemming from the exposure of this information may lie. If all your company information is “out there” and your business runs little risk of being affected if everyone knows it, then there is less to fear. But if you can only afford to be transparent about some things and need to keep others safe and confidential – such as patented industrial designs, proprietary source codes or secret recipes, for instance – then cybersecurity is a must.
One of the less savoury aspects of technology is that it has helped to expedite crime. Thieves today don’t just swipe the extra change from the till; they are cybercriminals who get into your offshore bank accounts and clean you out to the tune of millions. Fraud, corruption, insider trading and other white-collar crimes are at an all-time high, aided and abetted by technology. Cybercrime includes data breaches, identity theft, online fraud and credit card scams, just to name a few. More alarmingly, syndicates and organised crime have also started applying technology to expand their networks; crime is crossing physical boundaries with relative ease.
Hackers in one country can access sites on other continents; cybercrime is not constrained by physical boundaries. It is usually quick, anonymous and extremely painful; sometimes racking up millions in damage, and paralysing networks. Hacking has also been known to render physical equipment useless and trigger denial of service incidents that disrupt and can bankrupt businesses. With cybercrime apparently so prevalent, what can companies do to protect themselves? There are some common-sense measures that can be taken before the big guns are brought in.
Firms need a cybersecurity policy, and should inventory their information assets to determine which may be vulnerable to cyberattack. Proper documentation is imperative. Update records and identify who is responsible for information safety and maintenance. Update old or obsolete technology, and make sure the new or updated items come with appropriate security. Increase staff awareness, and educate them on what to do in the event of a security breach or cyberattack. Make cybersecurity issues a part of the risk culture that you want to develop in your organisation. Turn everyone in the firm – from the Chairman of the Board to the Tea Lady – into a Cyberpolice Squad!