I’ve worked for nearly 30 years in IT. I am now the Managing Director of Riven Associates and head up the strategy – client-side, and relationships. I guess I’m seen as the thought leader of the business.
I would say IT security.
The landscape is constantly changing so it’s vital to keep going back to IT and checking what you currently have in place.
There are loads of statistics floating around and with Covid, workforces have become a lot more diverse in terms of where they’re working from. The UK now has a huge mix of people working from home and in the offices, and this hybrid working model, coupled with the increase in IT security threats, makes it more important than ever right now.
The reality is that more employees are working from home and are more likely to be working outside of the security systems that have been put in place within the office. This often means that they’re most likely connecting to office systems but with only domestic security on their systems.
To give you a bit of an idea about how things have changed, Mimecast is one of our leading email security vendors and they’ve reported a 64% increase in email threats in 2020. Last year 6/10 businesses were infected with ransomware. Staggering results really, and it just goes to show how fast the IT security landscape changes and why businesses need to keep it on their agenda to review every year, if not more often.
I would say they should be taking a considered multi-layered approach to IT security.
Treat it as a case of not if, but when…
As a business you need to ask yourself the following questions, what if…
It’s as simple as an email comes in with a link someone accidentally clicks on the link and before you know it your files are getting infected with the ransomware software; you’ve now lost all of your files, and that could include all of your backup data too.
If you think “it won’t happen to us” then that answer really isn’t acceptable as a business owner. Businesses will come unstuck if they don’t even consider the question. From experience, we consistently see malicious activity within the audit trail of customers IT systems.
Just because you can’t see them, it doesn’t mean they’re not real.
It’s a bit like a burglar coming to your door with a keychain of 1000 keys – at some point, they will find the right key. Cyber security is like adding another million keys!
“Doing nothing is unacceptable…”
In terms of GDPR and other professional regulators, like the Financial Conduct Authority etc. the guidelines are to take appropriate action – not all action is going to be the same across every industry/business but at least you have asked yourself the question.
If you do ask yourself the question and the answer is “we don’t need to change anything”, that’s fine. At least you’ve asked, considered the answer, documented it, and made sure you have systems in place.
The reality is this is what is expected. Clients, employees, regulatory bodies, third-party contractors, insurers and if you aren’t asking yourself the question, that’s where businesses will become unstuck.
You must work with your IT partner to have those conversations, look at the key areas in your business in terms of IT and consider the right solution for your business.
Here at Riven, we make it a priority to have those conversations with clients. It’s part of the road mapping we do with them. At the end of the day, more often than not, it’s human error that lets the threats in, so building awareness of what can happen, how and why throughout the business is important. And it’s not just about the senior managers having buy-in – everyone in the business needs to be involved.
I wouldn’t normally use an acronym but here’s one I prepared earlier…
Your IT areas – look at all your IT areas and break them down
Backup and recovery
Education of staff
Regulatory and communications
We encourage every one of our customers to book a security meeting with us every year, where we have an open and honest conversation around threats to the business and what’s happening internally.
I would say we uniquely look after our customers in that we provide a roadmap and its risk is at the centre of that plan.
If you are a business owner, I think an important question to ask yourself is “If something goes wrong, who is accountable?”
The only person accountable is you. So don’t put this off.
And if you’re a one-man-band, it doesn’t make you immune either. It’s simply a shorter conversation!
Why not give me a call on 01784 437 123 to chat through your IT roadmap?
Or visit our website https://www.rivenassociates.co.uk/
Click here to sign up our monthly newsletter.
If you’d like to learn more about how we can support your IT systems, please get in touch …
The White House, 53 High St, Egham TW20 9EX