Combatting cyber threats: how to protect your business

Karl Hoods, Chief Digital & Information Officer at the Department for Business, Energy and Industrial Strategy, talks to Reed about how you can protect your business from cyber security threats.

8 mins read
I Stock 1322205588 (2)

about 1 year ago

As companies continue to utilise workplace technologies to allow their business to grow and develop, the risk of cyber security attacks increases tenfold.

According to PwC, Swiss companies suffer ransomware attacks around every 11 seconds. Medium-sized Swiss companies suffer average damage of about CHF 6 million per cyberattack.

Now more than ever, companies across the world try and prevent cyber attacks. Because of this, the role of information technology in the workplace becomes even more critical for businesses to not only protect their assets, but to also lead towards a sustainable future.

We interviewed Karl Hoods, Chief Digital & Information Officer (CDIO) at the Department for Business, Energy and Industrial Strategy (BEIS) - UK, to find out what companies can do to protect their business from cyber security threats.

Watch the full interview with Karl, where he goes into detail on the importance of IT within business and how it has changed, alongside how companies can protect themselves from cyber attacks and the ‘must haves’ that can help ensure protection and sustainability for your business, here:

The role of IT in business

Information technology and the IT department now play a crucial role within any business, as the emphasis on monitoring and managing technology and communication systems grows.

There are very few companies now that don’t have an IT department or a professional who looks after the digital elements of the organisation. From being able to send an email, to changing and verifying a password, accessing and maintaining databases and troubleshooting, information technology allows businesses to become more efficient and productive.

While the role of the IT department still encompasses day-to-day operations, the responsibilities and strategic direction has changed exponentially, according to the CDIO at BEIS, Karl Hoods.

He said: “I think the role of the IT department, or the digital department, is incredibly important.

“There aren't many industries that don't have any reliance on technology at all. It's really a relationship that needs to continue to develop and evolve because there's so much value that technology can bring to everyday activities, from productivity if you're working in the office, through to manufacturing and what that can actually mean for output.

“IT has definitely progressed over the years, from being a supporting function to being something which should be integral to the operation of the organisation you’re in.”

Protecting your business

The need to protect your business from cyber-attacks has never been greater, and global governments continue to urge businesses to strengthen their cybersecurity practices. According to PwC, in 2020, 20,544 cases of cybercrime were reported in Switzerland, and 16,395 of these were classified as cyber fraud.

Conducting business through digital means can bring a host of opportunities and benefits to the fore, including the ability to email safely, store data, work remotely, and manage everyday operations. On the other hand, having a digital workstream can enhance the risk of a cyber attack.

While cyber-attacks can be hard to predict, Karl believes it’s imperative that companies look into potential risks to ensure that the business can remain functional, operational and secure.

He said: “There's definitely a conversation to be had about understanding what the threats are and really getting your head around that."

"From a cyber perspective, we've recently seen the exponential growth in cyber activity and cyber threats. It hits every part of every organisation and it can be incredibly disruptive. You need to look at your own risk as an organisation and where your threat vectors are, where you might have some weaknesses, where you might be exposed and then look to plug those."

Karl Hoods, Chief Information & Digital Officer, BEIS

In most cases, today’s technology tools come equipped with the necessary protection that allows businesses to safely go about their day-to-day operations. But making sure you understand how to use the tools is paramount.

Karl adds: “If you're using things like Office 365 or Google Workspace, they all come with tools which can help you. If you don't know how to use them, get some advice on what to do with that – an independent view is beneficial.

“Once you've got that base level of technology protection, then you can look to see how you can evolve that over time. There's also scope to put into place a technology recovery process, as well as a wider business recovery that needs to be done as well.

“Really understanding the key recovery processes, the key people and how long you can survive without having access to the technology is incredibly important.”

The technology ‘must haves’

Protecting your business in a digital world will allow your business to be both sustainable and progressive – but to do so, employers need to make sure that they’re doing everything possible from an IT standpoint.

There are certain processes and tools that can be put in place that will protect a business in both the short and long term. Because IT departments have gone from being purely ‘reactive’ to ‘proactive’, there are multiple ways that companies can firewall their digital assets, believes Karl.

He said: “So the ‘must haves’ are an awareness of the threats. Then there are basic principles that you need to employ which all come down to people a lot of the time. That includes the need for strong passwords, two-factor authentication, all those kinds of things that you need to put in place.

“If you look at the history of some of the compromises that happen, they are around compromised accounts, around credentials that are not being rotated often enough for admin accounts, etc. There's a similar pattern emerging over and over again – usually down to a flaw in the process.

“Focus on understanding your threats, understand where your weaknesses are, and plug those where you can. Also having a really strong user training and awareness programme is incredibly key because people are the weak spot in many of these things.”

Focusing on the employee

Companies need to take the time to invest in their employees to ensure security breaches, no matter the size, can be prevented.

Researchers from Stanford University suggest that approximately 88% of all data breaches are caused by an employee mistake. Human error is still very much the driving force behind an overwhelming majority of cyber security problems, which makes upskilling your employees more important.

Karl believes that “no matter what technology you've got in place, there’s always a weak point which can be individuals, whether that's malicious or just a genuine mistake.

“Investing in the technology, the processes and the people in terms of upskilling has got to be key for any organisation of any size to recover.

“We all get phishing attacks and malware attacks at home. Just because you've come into the office doesn't mean to say that everything's taken care of by the security or technology team.

“It's just about keeping abreast of that, keeping up to date, making people aware of the consequences and understanding what the outcomes could be.”

According to software company Symantec, in the UK, one in every 3,722 emails is a phishing attempt, further reinforcing the need to make employees aware of any potential threats that can occur both within the office and while working from home.

Karl adds: “If there is a breach, it’s about knowing who to notify when something happens, even if you're unsure whether it's a breach or not.

“It's better to put your hand up and say, ‘can you look at it for me?’ rather than just say ‘I'm not quite sure’ and let it go so even more damage can be done.

“There are lots of software and courses that are available. It can be very much bitesize and consumable on the move, just short little snippets of information that can really help to protect your business.”

Growing awareness business wide

As the IT department’s roles and responsibilities evolve, so too does their ability to influence and inform senior leaders, which is crucial when it comes to the prevention and awareness of cyber security measures.

Growing awareness around cyber security isn’t just for entry-level employees, it must encompass all departments from graduates all the way up to c-suite executives and the board.

"There’s this concept of the ‘human firewall’ that is what we really need inside organisations."

Karl Hoods, Chief Information & Digital Officer, BEIS

Karl said: “Awareness should start in general terms so that people know how to protect themselves, know not to click on links that they don't expect to receive- for all employees at all levels.

“It isn't just focused on the most junior person in the organisation. This needs to be right up to board level and down, everyone needs to understand the role that they play in protecting the organisation.”

Are you looking for a talented IT professional to drive your business’ growth? Get in touch with our specialist recruiter now.

You may also be interested in...

Employee monitoring: a guide to best practices
1 mins read

Employee monitoring: a guide to best practices

Employee monitoring can help ensure productivity and accountability among employees, as managers can track their work progress and identify areas where improvement is needed. Monitoring enhances data security by detecting and preventing unauthorised access or data breaches and additionally, it enables you to adhere to regulatory and compliance requirements, reducing legal risks. 

The key thing to remember is that workplace surveillance is perfectly acceptable, as long as you can legally justify your reasons, and it is always better to be ‘overt’, not ‘covert’.  

A report shows that despite normality returning to working life post-pandemic, demand for employee surveillance software is 49% above 2019 levels. 

Our eBook, ‘Employee monitoring: a guide to best practices’, provides insight from top experts in the field including:    

Keith Rosser, Director of Group Risk and Reed Screening, Reed 

Hayfa Mohdzaini, Senior Research Adviser, CIPD

 By downloading this eBook, you will discover:   

  • What employee monitoring is 

  • Whether it's needed for your business

  • Considerations for introducing workplace monitoring  

  • The benefits and drawbacks  

  • Potential impact of surveillance on the workforce 

  • Your duties as a responsible employer 

“Monitoring software that employees see as intrusive and unnecessary is more likely to erode mutual trust in the employment relationship. Employers need to show how using monitoring software can benefit employees, while respecting their privacy.” -Hayfa Mohdzaini, Senior Research Adviser, CIPD.

Workplace monitoring: guidance for your organisation
2 mins read

Workplace monitoring: guidance for your organisation

​In the past, workplace monitoring was relatively simplistic: employers relied on visual supervision and basic timekeeping systems, and the concept of privacy was limited.

Fast forward to the digital age. Employee monitoring has reached new levels of sophistication and become common practice for employers seeking to boost productivity, enhance security, and ensure compliance with regulations.

Improved productivity and deeper insights

With the advancement of technology, including GPS tracking, computer monitoring software, and biometric identification systems, surveillance can provide employers with detailed insights into employee activities and performance.

One of the key benefits of employee monitoring is the ability to track and improve productivity levels. By monitoring employees' activities, employers can identify inefficiencies, analyse workflow processes, and provide targeted feedback to enhance performance. This data-driven approach allows companies to optimise their operations, allocate resources effectively, and ultimately improve their bottom line.

Monitoring can also help employers identify and address issues such as time theft, excessive breaks, and unauthorised activities in the workplace. With real-time monitoring tools, employers can detect irregularities and take corrective actions promptly, therefore improving accountability and integrity among employees.

Employee monitoring can also aid in compliance with regulations and industry standards. By keeping a close eye on electronic communications, websites visited, and files accessed, employers can ensure that employees adhere to data protection laws, maintain confidentiality, and comply with company policies. This proactive approach minimises the risk of data breaches and security incidents and also protects the company from potential legal liabilities.

Balancing surveillance and ethics

Despite the clear advantages of employee monitoring, it is crucial for organisations to approach this practice with sensitivity and respect for staff privacy. As a matter of course, employers should establish clear policies regarding monitoring practices, communicate openly with employees about the purpose and scope of monitoring, and ensure transparency in the use of monitoring tools.

Prioritise the protection of sensitive employee data by implementing robust security measures, restricting access to monitoring data, and complying with data protection regulations such as GDPR. These considerations can ease employees’ minds about any surveillance and even instil appreciation for such measures. After all, workplace security is in everyone’s best interests.

Download our best practice guide to employee monitoring

Our eBook, ‘Employee monitoring: a guide to best practices’ provides insight into how employers might best integrate employee monitoring into their organisation, and considerations for what the impact may be on employees. With opinion from thought leaders, it addresses everything from pre-employment checks to the tracking tech that might be right your organisation.

Looking to hire top talent for your organisation or to find your next dream role? Get in touch with one of our specialist consultants today.

Inspiring the next generation: the benefits of offering internships
4 mins read

Inspiring the next generation: the benefits of offering internships

The decision to hire interns is not merely a trend, but a strategic must. The opportunities associated with internships can be used to bridge the gap between academic learning and practical application, while also playing a pivotal role in shaping the careers of aspiring professionals.

Towards the end of 2023, Google searches for ‘internships’ increased by 22% to 6,000 searches per month, while the social media platform, TikTok, saw four million views for the hashtag #internships, as more and more students look for opportunities to increase their work experience.

For businesses, investing in paid internships is a strategic move that goes beyond fulfilling corporate social responsibility. It's an investment in the future workforce, creating a talent pool that may later become full-time employees. According to the 2022 Student Recruitment Survey by the Institute of Student Employers, 82% of respondents reported that they recruit interns – showing that internships shouldn’t just be viewed as a gesture of goodwill, but play a pivotal role in recognizing talent, promoting diversity, and contributing to overall business success.

Managed well, an internship can be a viable recruitment option for an organization. But what are the main reasons why businesses should consider running an internship program?

Talent development

Businesses can use internship programs as a proactive approach to identifying and nurturing professionals for their talent pool. They can create direct connections with emerging talent, providing them with first-hand experience in their respective industries – from engineering and technology to sales and procurement.

With skills shortages affecting a large number of sectors, employers that provide a platform for eager individuals to gain paid experience, help ease the pressures many businesses – and professionals – are facing.

Innovation and fresh perspectives

Interns can inject new and exciting perspectives and ideas into the workplace, which can see campaigns thrive and strategies become more impactful. By recognizing that diversity fuels creativity, seeking interns who bring unique insights and approaches to problem-solving will help to enhance the overall creativity and adaptability of the organization.

Introducing different perspectives into your workplace provides a fresh take on the business as a whole. Even though interns won't be responsible for creating new policies or planning a strategy, their outside opinion may improve existing practices.

For example, as more workplaces undergo digital transformation the need for a workforce that is comfortable with various technologically advanced tools has never been more important. Asking for an intern’s feedback on your digital presence and consumer-facing collateral can pinpoint where potential improvements can be made and where new business or custom can be identified.

Social responsibility and diversity

Businesses are increasingly investing in corporate social responsibility and the benefits that come with having a diverse workforce.

Running an internship program allows companies to contribute to ongoing social initiatives by providing valuable opportunities to individuals who may face barriers to entry into the workforce. Employers who actively seek out interns from various demographics can demonstrate their commitment to fairness, equality, and social responsibility – heightening their appeal to professionals looking for 'good' companies to work for.

It’s important to maintain a community-focused approach, ensuring you ‘give back’ by offering young talent the opportunity to thrive and succeed in an internship – helping enhance their career prospects and your reputation at the same time.

Brand image enhancement

In a world where reputation means everything, any opportunity to be seen as an employer of choice can be vital to a successful talent acquisition strategy. Internship programs play a pivotal role in shaping the perception of a company among potential new employees, as well as customers and other stakeholders.

Businesses that actively engage in internships can showcase their commitment to investing in professional development, graduate opportunities, and career changes – creating a positive brand image. This in turn attracts people seeking meaningful opportunities for growth and career progression.

Helping the next generation

There’s a bigger picture to internship programs. Many individuals, especially recent graduates, may face challenges when embarking on a new career path. Those lucky enough to win internships will reap the benefits that come from the experience, not just in adding to their CV, but in self-confidence gained from developing knowledge of their chosen profession, all while making valuable contacts.

Internships ultimately improve future employability and give a head start to those keen to learn sought-after skills in their field, whether that’s invoice management and purchasing in accountancy, or content strategies and communication plans in marketing.

Having interns can potentially help to identify future leaders among your junior employees. When overseeing an intern’s day-to-day activities, some junior employees may demonstrate exceptional management and leadership traits. Once these skills have been identified, you may consider investing in these employees further and upskilling them for future leadership opportunities.

Businesses that offer internships are not just investing in short-term support but are strategically building a foundation for long-term success. An internship is still one of the best ways for professionals to gain that all-important work experience, highlighting the importance a robust internship program plays in growing and expanding the workforce.

Looking to hire experienced professionals to join your team? Contact one of our specialist consultants today.