While everyone seems to be talking about cyber security measures and mechanisms, just how much risk is at play? While it may hit the headlines on a regular basis, complacency around cyber security seems just as popular. But it’s not just the IT Department’s problem: cyber risk exists at every level of your organisation. Don’t panic just yet though – there are robust and reliable ways to navigate and secure your company’s data and assets.
As our world becomes more and more dependent on digital communications and our online personas, understanding cyber risk is important. The higher priority, of course, is what to do about it. By definition, cyber risk is the risk your business takes on in terms of potential financial loss, brand damage, operational disruption, or data loss.
Your company’s level of cyber risk is linked to three important levels of access. These can be summarised by answering three questions, which will help you to isolate what cyber risk level your company operates at. These questions are:
- How dependent are your daily operations on your IT infrastructure?
- How involved are your employees, colleagues, and external contractors in maintaining their appropriate level of physical and digital security?
- How easy is it to access company data, network resources, or physical assets?
Operating a business in 2019 means your answers probably look something like this:
- Our business is highly dependent upon our IT infrastructure.
- Our employees do their best to secure their computers, laptops, and data.
- It’s not easy to access our company information and you’ll need to sign in at reception before you can enter our offices.
If your responses look something like this, you may feel relatively confident that you’re doing okay in the realm of cyber security. Apologies for the disappointment: your cyber risk level is still high.
It’s not just you
You can have the best network infrastructure, offering top-level security even the CIA would be proud of, and your business would still be at high risk. Implementing robust cyber security measures doesn’t end with your own operations; it must also be reflected in the systems and businesses your company relies upon. We’ll use the example of a well-known low-level online design programme, Canva, here. Canva is a popular platform for creating beautiful images to be used for social media, online media, and even print.
The Canva example
In 2019, Canva was hacked, with usernames and passwords exposed. This meant that anyone who had that data could log in to a particular user’s account, use their images, or access payment information. While the majority of Canva’s users are casual, many of the remainder are involved in creating images for clients that include or refer to a company’s intellectual property. Moreover, users’ payment information could be accessed. If a Canva user was creating imagery for a business’s top-secret campaign that was embargoed until a certain date, all that information and imagery could now be accessed and used by anyone who had the user details. As a result, confidential information, stored on an external service provider’s platform, put a business at risk – and it wasn’t even their platform to begin with, never mind their hack.
Assessing and acting upon your company’s level of cyber risk is the most important part of your cyber security programme. That overwhelmed feeling should not lead you towards complacency. Instead, use it as a motivator to assess your company’s level of cyber risk, and act on it. ProPrivacy can help.
Philipa is the lead consultant and auditor at ProPrivacy. With clients as far afield as Canada, South Africa, Kenya, Germany, Spain and other such exotic locations, besides Cork and elsewhere in Ireland, Philipa enjoys a broad view of the state of data protection, privacy and cyber security worldwide. Philipa’s passion is manageable data compliance for SMEs.
Philipa is a qualified teacher and also holds qualifications in computer science (Bachelor of Science in Artificial Intelligence Programming) and electronic and intellectual property law (LLB). She is trained in constitutional (fundamental) rights litigation and enjoys a good debate.
Philipa has over twenty years of experience working in organisations of different sizes and sectors on operational, governance, risk management and compliance matters. She is an analytical and focused person who enjoys a challenge in the workplace. She loves technology, systems and people and has a passion for showing people how technology can make life easier and better. She understands that the world is driven by data today but privacy is paramount. Responsibly developed AI excites Philipa for the future.