Box ticking: is it enough?
Posted on 24th July 2017 at 15:00
The Most Asked Question
As IT professionals, this is the most common question we are asked…
"What can I do to protect my business from Cyber Crime?"
Even though we are always happy to help and offer appropriate advice, this is what may happen:-
We ask about your business (if we don’t already know)
We ask about the technology you currently use.
We ask about the steps you currently take to protect yourself: security software (antivirus software), backups, etc.
We ponder the answers for a minute or two and consider what would be appropriate.
We offer possible options and suggest a visit which would assist in providing the best solution.
The response may be something like this:-
"Really? That seems a little expensive, I'll leave it for now." And off they go on their way.
Now this is obviously an extreme example, but it demonstrates the principle concisely: most people assume that the cost of protection should be the main consideration, when it should actually be the value the protection offers. Those are two very different strategies.
Is it tick box time?
Let's say we watch a documentary on brain surgery. We then have an idea of what is involved in the process, how an individual will have their operation and the possible outcomes. However, we should never consider grabbing a few tools and having a bash at brain surgery on our best friend who has been complaining of headaches.
Sadly, after our conversation it is very common to think that the expertise an IT professional has is easy to replicate and that we don't need them: we can use Google to search for appropriate solutions, tick our boxes and complete the steps required.
The problems with going it alone and just ticking your boxes are as follows:-
You will have no idea whether the tools you select offer appropriate protection for your business.
You will have no idea whether, in the event of an incident, you will be able to recover your business and continue to trade.
You may already have compromised your systems while using a search engine to complete the tick box exercise, by visiting compromised websites.
Appropriate Measures - GDPR
On the 25th of May 2018 GDPR (General Data Protection Regulation) will be enforced. GDPR is the new regulation for data protection being adopted in Europe, and the new rules will change the way we, as individuals and businesses, must protect the data that we hold and take "Appropriate Measures" to protect it.
GDPR will enforce our legal obligation to take these appropriate measures within our organisations to ensure the data we hold is protected.
In simple terms, GDPR isn't asking us to do anything new. The major difference is the consequences: not taking the appropriate measures and being found wanting in your data protection policy will be costly, and therefore not recommended.
The consequences of continuing with this rather limited response to Cyber Attacks and Data Protection are severe. You will have missed one MAJOR step: understanding the data you hold that needs to be protected. Then, and only then, can you take appropriate measures to actually comply with GDPR.
The Costly Truth
Option A: by reviewing your requirements, we understand your needs and recommend solutions, allowing you to spend a comparatively small amount of money implementing appropriate measures to protect your business. In the long term the costs will be minimised, understood and managed.
Option B: you do not understand your business requirements, you purchase inappropriate solutions and take unplanned steps. You will, however, initially benefit by saving money.
However, should you suffer an attack (and it is very likely that you will), the costs to rectify the incident are likely to be high and will consist of some or all of the following:-
Possible fines and litigation from regulatory bodies.
Loss of reputation.
Loss of customers due to the attack.
Possible fines and litigation from your customers.
You will have to implement the appropriate measures you should have had in place in the first place.
You may actually cease to trade.
I am sure you will agree that Option A is a far better solution for your business: in the long term it will be a far less expensive solution, and it will help you ensure you are GDPR compliant by the 25th of May 2018.
We know we need to protect our business; however, you must want to do so!
We will help you turn your need into a want!