“The IT team looks after our Cyber Security.”
Does this sound familiar? To most organisations, it is the norm. But in this decade the norm is no longer enough. Data is quickly becoming our most valuable commodity, and businesses of every size are at risk from hackers that are all-too-eager to get their hands on this information for personal gain. Cyber Security leaders understand that protecting your organisation is a strategic endeavour that considers all possible vulnerabilities.
As data becomes more valuable, cyber criminals become smarter. Hacking isn’t fast typing and endless code. It’s a malware email, it’s an unlocked door to your office, it’s a phone call. It’s your intern leaving their laptop open in Starbucks, and the wrong person looking over their shoulder.
You can’t solve these problems by asking IT to put in a firewall, and you can’t blame IT when these problems lead to breaches. So, what can you do?
It’s the responsibility of leaders to understand the vectors for risk that affect their organisation at every level, and to make sure this information is available and understood from the top of the organisation to the bottom.
Purple suggests looking at the following areas.
If you did your GDPR homework, you know that the business’ marketing function often handles the largest amounts of data. To keep those leads coming in, marketers are constantly finding ways to gather personal information, the kind that could fall victim to potentially embarrassing data breaches.
Marketing teams are also most likely to work alongside external partners. Companies that for instance, produce video or optimise SEO for the department.
As a leader, it’s important to understand which partners are supporting marketing and whether there are exchanges of personal data in this relationship. It’s easy for a clever hacker to fake correspondence, so awareness and a level of security is paramount here.
The “brand awareness” piece can also poke holes in your cyber security in the form of social media data. Marketers are keen social media users, whether they are posting content on LinkedIn or sharing your brand story on Twitter. It’s advisable to lay out rules for what information employees can share on these sites. Internal emails and phone numbers are gold dust to opportunistic hackers.
When we mention ‘cyber security’, your corporeal office space probably doesn’t spring to mind. But any expert will tell you that this is an important consideration for your cyber security strategy. Though I guarantee your IT department isn’t thinking about it.
Unlocked doors? Unsecured laptops? Sensitive documents left out in the open? With enough guile, a hacker could slip into your space and take advantage of this in the real world. This issue is especially important for large companies, or those in shared offices – where an unfamiliar face is no cause for alarm.
As a leader, it’s your responsibility to ensure there are processes and policies in place for keeping buildings secure. Ensure documents are filed away in secure rooms, that doors are not left unlocked, and employees are reminded to be stay alert to potential breaches.
Remember: Hacking doesn’t always start with computers.
In fact, social engineering is the most effective modern form of hacking, despite involving only the use of a telephone. A skilled hacker manipulates employees to reveal critical information by posing as their superior.
Creating a training, or an awareness program is an effective way for leaders to combat these threats, cyber security must become part of organisational culture at every level and leaders are best positioned to put these initiatives into place.
A simple process can even help, for example; a verification step for phone calls to make sure that employees are talking to their real co-workers when exchanging information. Or phone system notifications that differentiate internal calls from external calls.
Find out more about Purple’s Cyber Security Strategy offering here