Cyber risk and insurance
Working with a team is an amazing way to be more than the sum of your parts. When that team includes subcontractors, freelancers or a supply chain the opportunities are multiplied.With opportunity comes risk and this article is about identifying and reducing exposure to risk. Most exposure can be reduced in house yet a few steps further and the interconnected World we live in can be managed too.
There's an expectation that businesses are careful rather than reckless. This is the minimum standard expected. Failing to prepare your business to keep delivering will not go down well with customers. They might say they feel sorry for you whilst they are googling another supplier. It’s more a case of why risk it than why not!
Simply expecting nothing to go wrong isn’t realistic. Ignoring risks until they appear isn’t responsible or prudent. Most people know this, yet they get too busy to allocate time. Those that allocate time to stop and think can work their way through it.
Who would you rather do business with?
Imagine you are on the phone in the need of a quick answer. The person at the other end tells you that they're dealing with an unexpected issue and won’t be able to answer your query until 4pm.
Perhaps with another supplier you can’t get through at all. It’s not so urgent yet you need a response the next day. So you call back....a few times. The next day you try again yet get nowhere.
You have your answer from one supplier and nothing from another. Not even voicemails are being returned. So much for having their mobile number.
After a while, you find out that they had the same issue. Their hosting company/telephone provider had a power cut and their failovers didn’t work. The power cut had damaged data, destroying some and making other information difficult to access. It has happened and still does.
The motto of the boy scouts is a sensible one. The first company in the above example had assessed their risks and invested in insurance. After making one phone call to report the issue the following happened.
Their IT company were able to stitch them into new systems, put their website back online and retrieve data that was almost up to date. A forensic IT expert arrived to start the investigation so a report could be made to the leaders in the business. Especially handy if the issue caused a breach that the regulator wanted to be informed about. They also started the task of retrieving the missing data and assessed it would be found and reinstated. A call centre packed with highly trained staff were immediately retained to answer questions from everyone whose data was affected by the breach. Each person was notified personally.
These are services paid for by good quality insurance companies. When stitched together correctly they take a “load off the mind” of the organisation, collectively. Management were able to brief all staff and a short statement was prepared and shared across the organisation each morning and afternoon so everyone was on the same page.
It is not going to be you
The chances of anything other than a large organisation actually being targeted are slim to none. However, criminals have spread the bad stuff far and wide in the hope of catching more.....hence the term phishing. They are criminals and they simply do not care who pays the price. It is the fact that they do not discriminate, that means we are all at risk and it is a numbers game. Taking notice of GDPR will divert you from the work that earned you money.
Interruptions that the organisation hasn’t planned for take a whole lot longer to deal with. I’m too busy to take chances. I value my free time far too much to let criminals eat into it.
That could be you!
Wrap up; We have smoke detectors in our house despite having insurance for fires. Because smoke detectors don’t stop arsonists . IT security alone will not prevent the determined. Education coupled with security and insurance is as close to 100% as you can get.
Top tip; Identify what data the GDPR regulators want you to keep safe.
Jason Cobine, Cobine Carmelson