Patrick Arben, partner at Gowling WLG reveals his thoughts on the ever-prevalent issue of cyber security
Cybersecurity is certainly a digital risk that is ‘of the moment’ as recent headline attacks have helped to highlight the issue and bring it to the fore. Indeed, the rapid onset of the digital age and smart mobile technology means that criminal activity can take place far more remote than ever before – increasing the risk of an attack in the process.
Putting preventative steps in place before the fallout has to be dealt with is therefore highly advisable. However, it is important not to get lost in the headlines and recognise that this is just one digital risk amongst a range of others that business owners must be aware of and protect against with exactly the same level of urgency as for a cyber-attack.
Highlighting an inherent need for this is a recent survey of 1000 business throughout Europe by Gowling WLG. UK respondents identified far fewer digital risks as a threat to their business when compared to the views of their European counterparts. Although it is never a good idea to ignore other digital threats, addressing the risk around these now could well pay dividends.
Identity theft/cloning & loss of data
Whatever uncertainty exists politically at the moment, the UK will be adopting the EU General Data Protection Regulation (“EU GDPR”) and updating our own Data Protection Act. This has a direct bearing on the way that personal data is stored and processed and the necessary permissions that will need to be sought, businesses will already be looking at their data storage processes and policies with a view to these falling in line with the new legislation.
A good idea, therefore, is to (in conjunction with the general audit) conduct a compliance/risk assessment of the most important/relevant data that could be stolen and develop controls and processes that help address these risks. Also, the creation of scenario planning that establishes how a security breach incident will be addressed if it occurs can really help ensure that responses are swift in the event of this occurring.
From the customer’s perspective, online privacy and security have fast become a major USP, as consumers are now savvy enough to think with their feet and choose another provider for a product or service, should a provider’s reputation for data security be impacted. It is precise because a serious data breach if it becomes public, can have such a serious impact on a business’s reputation and bottom line that organisation need to treat this threat as a priority:
- Ensure all departments are briefed on the importance of customer security so there is a shared, unified approach;
- Encryption efforts change rapidly so it is important to be up to date with the latest methods and implement these accordingly;
- Limit access to customer data to those that actually require it;
- Ensure that bring your own device (BYOD) policies for staff – establish a policy that requires employees to provide notification in the event of a lost or stolen device so that measures can be taken to prevent data loss and;
- Ensure there are several layers of online security so there is back up if one fails.
Lack of sufficient technical and business knowledge amongst employees
This is, of course, a key digital risk to consider, given that the actions of one employee could make all the processes and strategies that are put in place to protect against digital risk redundant. It is therefore important to see these types of risk as imminent threats to the business which everyone must be aware of protecting against. Implementing a cascaded programme of education about this throughout a business is therefore highly advisable to drive awareness and a sense of personal responsibility throughout the workforce.
Infrastructure issues
A robust digital infrastructure is the most vital component were making the most of the data that is housed within a business is concerned and use it as something to transform successes.
Optimising data in the best way means more than collecting, storing and processing bits and bytes. Ensuring reliability and security across a stable network will help to turn data into actionable information and further protect it from outside attacks – thereby helping to protect and promote the organisation in one fell swoop. As well as handling increasingly large volumes of data, and efficient digital infrastructure can help overcome network and connection problems and help implement governance around the digital activity.
Regulatory issues
As the GDPR and data protection points above highlight, compliance with the law is vital in terms of protecting the business from fines that could have been avoided if the right preventative steps had been taken in advance.
In conclusion…
So, by being extremely proactive in this area, businesses succeed in complying with the law, protecting themselves against digital risk and transforming their operations, if the right digital infrastructure is in place.
Patrick Arben
Partner
Gowling WLG
Tel: +44 (0)121 393 0011