While everyone seems to be talking about cyber security measures and mechanisms, just how much risk is at play? While it may hit the headlines on a regular basis, complacency around cyber security seems just as popular. But it’s not just the IT Department’s problem: cyber risk exists at every level of your organisation. Don’t panic just yet though – there are robust and reliable ways to navigate and secure your company’s data and assets.
As our world becomes more and more dependent on digital communications and our online personas, understanding cyber risk is important. But, the higher priority must, of course, be: what to do about it. By definition, cyber risk means the risk your business takes in terms of potential financial loss, brand damage, operational disruption, or data loss.
Your company’s level of cyber risk is linked to three important levels of access. These can be summarised by answering three questions, which will help you to isolate what cyber risk level your company operates at. These questions are:
- How dependent are your daily operations on your IT infrastructure?
- How involved are your employees, colleagues, and external contractors, in maintaining their appropriate level of physical and digital security?
- How easy is it to access company data, network resources, or physical assets?
Operating a business in 2019 means your answers probably look something like this:
- Our business is highly dependent upon our IT infrastructure.
- Our employees do their best to secure their computers, laptops, and data.
- It’s not easy to access our company information and you’ll need to sign in at reception before you can enter our offices.
If your responses look something like this, you may feel relatively confident that you’re doing okay in the realm of cyber security. Apologies for the disappointment: your cyber risk level is still high.
It’s not just you
But, you can have the best network infrastructure, that offers top level security even the CIA would be proud of…and your business would still be at high risk. Implementing robust cyber security measures doesn’t end with your operations; it must be reflected in the systems and businesses your company relies upon too. We’ll use the example of a well-known low-level online design programme, Canva, here. Canva is a popular platform for creating beautiful images to be used for social media, online media, and even print.
The Canva example
In 2019, Canva was hacked, with usernames and passwords exposed. This meant that anyone who had that data could log in to a particular user’s account, use their images, or access payment information. While the majority of Canva’s users are casual, many of the remainder are involved in creating images for clients that include or refer to a company’s intellectual property. Moreover, users’ payment information could be accessed. If a Canva user was involved in creating imagery for a top-secret campaign for a business, that was embargoed until a certain date, all that information and imagery could now be accessed and used by anyone who had the user details. As a result, confidential information, stored on an external service provider’s platform, put a business at risk – and it wasn’t even their platform to begin with, never mind their hack.
Assessing and acting upon your company’s level of cyber risk is the most important part of your cyber security programme. That overwhelmed feeling should not lead you towards complacency. Instead, use it as a motivator to assess your company’s level of cyber risk, and act on it. ProPrivacy can help.