As companies continue to utilise workplace technologies to allow their business to grow and develop, the risk of cyber security attacks increases tenfold.
According to insurance provider Hiscox, one small business in the UK is successfully hacked every 19 seconds. Around 65,000 attempts to hack small- to medium-sized businesses (SMBs) occur in the UK every day, around which 4,500 are successful.
Now more than ever, companies across the UK try and prevent cyber attacks. Because of this, the role of information technology in the workplace becomes even more critical for businesses to not only protect their assets, but to also lead towards a sustainable future.
We interviewed Karl Hoods, Chief Digital & Information Officer (CDIO) at the Department for Business, Energy and Industrial Strategy (BEIS), to find out what companies can do to protect their business from cyber security threats.
Watch the full interview with Karl, where he goes into detail on the importance of IT within business and how it has changed, alongside how companies can protect themselves from cyber attacks and the ‘must haves’ that can help ensure protection and sustainability for your business, here:
The role of IT in business
Information technology and the IT department now play a crucial role within any business, as the emphasis on monitoring and managing technology and communication systems grows.
There are very few companies now that don’t have an IT department or a professional who looks after the digital elements of the organisation. From being able to send an email, to changing and verifying a password, accessing and maintaining databases and troubleshooting, information technology allows businesses to become more efficient and productive.
While the role of the IT department still encompasses day-to-day operations, the responsibilities and strategic direction has changed exponentially, according to the CDIO at BEIS, Karl Hoods.
He said: “I think the role of the IT department, or the digital department, is incredibly important.
“There aren't many industries that don't have any reliance on technology at all. It's really a relationship that needs to continue to develop and evolve because there's so much value that technology can bring to everyday activities, from productivity if you're working in the office, through to manufacturing and what that can actually mean for output.
“IT has definitely progressed over the years, from being a supporting function to being something which should be integral to the operation of the organisation you’re in.”
Protecting your business
The need to protect your business from cyber attacks has never been greater, and the government continues to urge businesses across the UK to strengthen their cyber security practices. According to cyber security company Carbon Black, up to 88% of UK companies suffered breaches prior to the national lockdowns, with that number exceeding as business moved from the office to remote locations.
Conducting business through digital means can bring a host of opportunities and benefits to the fore, including the ability to email safely, store data, work remotely, and manage everyday operations. On the other hand, having a digital workstream can enhance the risk of a cyber attack.
While cyber attacks can be hard to predict, Karl believes it’s imperative that companies look into potential risks to ensure that the business can remain functional, operational and secure.
He said: “There's definitely a conversation to be had about understanding what the threats are and really getting your head around that.
“From a cyber perspective, we've recently seen the exponential growth in cyber activity and cyber threats. It hits every part of every organisation and it can be incredibly disruptive.
You need to look at your own risk as an organisation and where your threat vectors are, where you might have some weaknesses, where you might be exposed and then look to plug those.
Chief Information & Digital Officer, BEIS
In most cases, today’s technology tools come equipped with the necessary protection that allows businesses to safely go about their day-to-day operations. But making sure you understand how to use the tools is paramount.
Karl adds: “If you're using things like Office 365 or Google Workspace, they all come with tools which can help you. If you don't know how to use them, get some advice on what to do with that – an independent view is beneficial.
“Once you've got that base level of technology protection, then you can look to see how you can evolve that over time. There's also scope to put into place a technology recovery process, as well as a wider business recovery that needs to be done as well.
“Really understanding the key recovery processes, the key people and how long you can survive without having access to the technology is incredibly important.”
The technology ‘must haves’
Protecting your business in a digital world will allow your business to be both sustainable and progressive – but to do so, employers need to make sure that they’re doing everything possible from an IT standpoint.
There are certain processes and tools that can be put in place that will protect a business in both the short and long term. Because IT departments have gone from being purely ‘reactive’ to ‘proactive’, there are multiple ways that companies can firewall their digital assets, believes Karl.
He said: “So the ‘must haves’ are an awareness of the threats. Then there are basic principles that you need to employ which all come down to people a lot of the time. That includes the need for strong passwords, two-factor authentication, all those kinds of things that you need to put in place.
“If you look at the history of some of the compromises that happen, they are around compromised accounts, around credentials that are not being rotated often enough for admin accounts, etc. There's a similar pattern emerging over and over again – usually down to a flaw in the process.
“Focus on understanding your threats, understand where your weaknesses are, and plug those where you can. Also having a really strong user training and awareness programme is incredibly key because people are the weak spot in many of these things.”
Focusing on the employee
Companies need to take the time to invest in their employees to ensure security breaches, no matter the size, can be prevented.
Researchers from Stanford University suggest that approximately 88% of all data breaches are caused by an employee mistake. Human error is still very much the driving force behind an overwhelming majority of cyber security problems, which makes upskilling your employees more important.
Karl believes that “no matter what technology you've got in place, there’s always a weak point which can be individuals, whether that's malicious or just a genuine mistake.
“Investing in the technology, the processes and the people in terms of upskilling has got to be key for any organisation of any size to recover.
“We all get phishing attacks and malware attacks at home. Just because you've come into the office doesn't mean to say that everything's taken care of by the security or technology team.
“It's just about keeping abreast of that, keeping up to date, making people aware of the consequences and understanding what the outcomes could be.”
According to software company Symantec, one in every 3,722 emails in the UK is a phishing attempt, further reinforcing the need to make employees aware of any potential threats that can occur both within the office and while working from home.
Karl adds: “If there is a breach, it’s about knowing who to notify when something happens, even if you're unsure whether it's a breach or not.
“It's better to put your hand up and say, ‘can you look at it for me?’ rather than just say ‘I'm not quite sure’ and let it go so even more damage can be done.
“There are lots of software and courses that are available. It can be very much bitesize and consumable on the move, just short little snippets of information that can really help to protect your business.”
Growing awareness business wide
As the IT department’s roles and responsibilities evolve, so too does their ability to influence and inform senior leaders, which is crucial when it comes to the prevention and awareness of cyber security measures.
Growing awareness around cyber security isn’t just for entry-level employees, it must encompass all departments from graduates all the way up to c-suite executives and the board.
There’s this concept of the ‘human firewall’ that is what we really need inside organisations.
Chief Information & Digital Officer, BEIS
Karl said: “Awareness should start in general terms so that people know how to protect themselves, know not to click on links that they don't expect to receive- for all employees at all levels.
“It isn't just focused on the most junior person in the organisation. This needs to be right up to board level and down, everyone needs to understand the role that they play in protecting the organisation.”
Are you looking for a talented IT professional to drive your business’ growth? Get in touch with one of our specialist recruiters now.
