Published on the 15/06/2016 | Written by Owen McCall
The internet is not 100 percent safe, but that doesn’t mean you shouldn’t be using it to support the growth of your business. Owen McCall says we should approach it more like driving…
Think about it: is driving safe? Of course not. There you are hurtling down the open road at 100kph with another vehicle coming straight towards you at the same speed. The only thing between you and the oncoming car is a thin painted line. We know that if that thin painted line doesn’t do its job and the two cars collide, the result is a big mess. Bodies aren’t designed to absorb that kind of impact. The result is that over 300 people die from driving every year and thousands more are injured. A quick search on Wikipedia quotes World Health Organisation statistics of 1.25 million people dying on the world’s roads every year. Yet we still drive.
With these kinds of statistics, why would you risk your life by driving? In the end there are two main reasons for most people. Firstly, the benefits of driving are huge. Modern driving means that you can easily travel 100km an hour. The non-driving equivalent of this is 5km if you walk, 30km if you’re really fit and can bike. If you go really old school and ride a horse then on average you will cover 50 or 60km in a day.
The second reason is that we know if we take sensible precautions we can substantially decrease the risk of dying. When it comes to driving these sensible precautions are fairly well known. For example:
On top of this we have a very comprehensive system in place to teach people to drive safely and a series of sanctions for people who are caught breaking the rules, including taking their driving privileges away from them. Despite all this we know that an accident can happen any time. The risk is always there, but we still do it.
I believe that this is the stance that organisations need to take around digital risk. We know it exists and we know that there is always a risk, but if we put in place sensible precautions then we can substantially reduce the risk of operating in the digital world and set ourselves up to succeed.
The only question is what are the digital equivalent sensible precautions that you need to implement to reduce your digital risk and have you implemented them? Do these things and you have set yourself up to be able to enjoy the benefits of digital in comparative safety and comfort.
Passionate about using technology to make a real difference to businesses, communities, families and individuals, Owen McCall has focused his career on understanding and answering this question: “How do you harness the power of IT to deliver value?”
Sensible digital precautions and their rationale:
Precaution: Ensure all your systems are up to date with the latest patches and major releases
Rationale: Often organisations look at the cost of system upgrades as being a waste of money. This position is understandable because most upgrades don’t deliver significant new benefits, so it looks like you are being forced to spend for no real return. The reality is that these upgrades usually contain significant improvements in security as vendors seek to close security vulnerabilities and also address new emerging threats. If you don’t upgrade you leave yourself open to being exploited.
Precaution: Build “security in depth”
Rationale: Modern cars don’t rely on one safety feature. Modern cars have multiple safety features, from seat belts to crumple zones to air bags. It’s the same in modern system security. You need to deploy multiple ways to detect and deal with potential security breaches. We call this security in depth.
Precaution: Build digital competency
Rationale: For most organisations the greatest security weakness is your staff. They simply don’t know how to keep themselves and their organisation safe in the digital world and organisations don’t systematically invest in upskilling their team in the required skills. We don’t let people drive if they haven’t demonstrated their knowledge of the road rules or their basic competence in the practical skills in driving. We should take the same approach to digital competency.
Precaution: Know how you are going to recover
Rationale: As with driving, even if you do all of the above, accidents still happen. You need to be prepared for when you do have a serious security breach because it will likely still happen. You prepare by understanding how you are going to recover from this breach and get your business back online. You do this through effective IT disaster recovery planning and regularly testing your recovery plans through a variety of scenarios.
Precaution: Actively consider and understand your tolerance for cyber security and risk
Rationale: Like all things in life, reducing your cyber risk costs money. Also, the more secure you want to be, the harder it is to innovate, because innovation introduces the new and previously untried. By its very nature it is likely to expose a business to new and unanticipated risks. You need to invest enough time and gain enough understanding to be able to define what your particular appetite for cyber risk is and the appropriate set of controls and mitigations you need to put in place to effectively manage your risk profile. It is no longer good enough to do the ostrich and bury your head in the sand and hope it goes away.
An independent IT consultant, he is a former CIO of The Warehouse.