With cyber threats, from malware and cyber attacks to phishing and social engineering, continually in the headlines, it can be difficult to assess the actual risks to your organisation so you can take appropriate action to mitigate them. In my view, you can’t manage anything that you don’t understand – so what is actually out there, and how vulnerable is your organisation to the different threats?
This week the Government launched a review to find out what’s needed to make UK business leaders take cyber security seriously. In our view, a good place to start is the Government’s Cyber Essentials scheme, which is based on advice from the UK’s National Cyber Security Centre (NCSC), part of GCHQ.
Implementing digital transformation effectively is about more than just putting in new technology – you need to ensure that it aligns to your organisational strategy and fundamentally adds value to your business, or you won’t obtain the hoped-for ROI. That’s why ITIL 4 should be part of your toolkit for change.
In a digital world, network security moves from the organisation’s perimeter to the user. The most effective way to do this is to create a zero trust network, implementing least privilege and default deny policies for each user and each system.
Although digitalisation brings many benefits, it has a major downside – increased organisational risk. Enabling users to access a corporate network from any location and device creates a significantly increased attack surface which those with malicious intent can target, and enables them to use a much greater range of threat vectors.
Compliance is often thought of as a burden – little more than a tick-box exercise to ensure your organisation meets regulatory and legislative standards. However, that’s looking at it the wrong way. What it actually provides is a statement of your organisational values and is an investment in future growth. It’s a vital part of ensuring that your organisation moves in the desired direction and can enable you to create added value for your business.
With GDPR on the horizon, now is a good time to review your data security policy. The first step is to take a holistic look at your entire infrastructure, from how data is created or acquired to how it is valued, stored, accessed and disposed of. This includes data coming in from customers, partners and suppliers; data created within the organisation, such as presentations and reports; and data that goes out, such as invoices and proposals.
The General Data Protection Regulation (GDPR) will come into force in less than a year and organisations need to prepare for its introduction and be able to demonstrate compliance. This will require resources and an appropriate budget.