Last week one of the stalwarts of the IT trade press, Computer Weekly, ran a story stating that few business people outside of IT departments have any knowledge of current information security threats.
This isn’t a surprise to me; in fact IT in general is in many organisations still seen as ‘below stairs’. Despite the efforts of Apple in its retail stores that all IT people are open, friendly and cool generation X types, the reality is that It is most IT departments still suffer a bit of an image problem. Therefore any warnings, suggestions, advice and concerns that they raise are potentially somewhat tainted.
The fact is that IT in all is forms has been so successful in its penetration into every avenue of our personal and more importantly our professional lives that the people who set it up, manage, support and advise on IT across the business community deserve to be seen in a similar professional standing to a solicitor, an architect, a doctor or an engineer or any other trusted professional. Many IT professionals have studied equally as hard, have specialist skills and a deep understanding of the benefits and risks associated with the use of IT today. Admittedly there are also a few rogues in the industry, the blaggers, the confusers and those who have been overly promoted because they were just ‘good with computers’. They will die off through natural selection in the coming years as greater information governance will be legally applied across the business spectrum.
So if you are a school, a GP surgery, a high street solicitors office or a firm of local accountants. If you are a charity, or a recruitment agency, a theatre or a dental practise. If you are a relatively small organisation, an SME, but you have huge amounts of electronic data, customer records, names addresses, credit card numbers, what do you do about your cyber security? If, as I would assume, many of you have maybe one person who ‘looks after’ your IT, or you use a small IT support provider you may need to start asking a few questions to determine if you are at risk. Oh and just if you are wondering, you are at risk, we all are, sorry to that break it to you.
Many of these small businesses, are too busy to look at their IT, they are busy doing their business. IT can be seen as a necessary evil but the truth is in pretty much all organisations if the IT fails; the business stops. IT has such great power and influence over a businesses successful operation it really does demand to be taken more seriously than it ever has done before. If you are a business owner, even if by your own admission your IT skills are ‘limited’, now is the time to sit down with your IT support provider and have a serious chat about cyber security. Before you do that it would be well worth doing a small amount of self-education on the risks you face. A very good place to start is by considering the Cyber Essentials Scheme. Download it, read through it and that will have you primed to ask the relevant questions on what do you have, what don’t you have in place regarding cyber security. I can’t predict the answers you will get, but if you are told that everything is fine and there risks are overblown and you needn’t worry, then alarm bells should start ringing.
Business owners by their very nature have to learn new skills; they need to know about insurances, buildings, health and safety legislation and employment law. These skills and understanding were required as business evolved, they may not have been easy to acquire and the business owners probably resisted having to do it. Business is now evolving further and cyber security should be added to that list of required understanding.
Start talking now about cyber security. Don’t ignore it, get your IT person / department / provider out from their dark corner, bring them up from below stairs and have a non judgmental open discussion about where you are and what you need to do. Of course you could wait until you have a quiet day at the office to discuss it. Maybe that day will be with the IT fails due to a cyber attack. I hope not, for your sake and the sake of your business.