Combatting cyber threats: how to protect your business

Karl Hoods, Chief Digital & Information Officer at the Department for Business, Energy and Industrial Strategy, talks to Reed about how you can protect your business from cyber security threats.

8 mins read
I Stock 1322205588 (2)

9 months ago

As companies continue to utilise workplace technologies to allow their business to grow and develop, the risk of cyber security attacks increases tenfold.

According to PwC, Swiss companies suffer ransomware attacks around every 11 seconds. Medium-sized Swiss companies suffer average damage of about CHF 6 million per cyberattack.

Now more than ever, companies across the world try and prevent cyber attacks. Because of this, the role of information technology in the workplace becomes even more critical for businesses to not only protect their assets, but to also lead towards a sustainable future.

We interviewed Karl Hoods, Chief Digital & Information Officer (CDIO) at the Department for Business, Energy and Industrial Strategy (BEIS) - UK, to find out what companies can do to protect their business from cyber security threats.

Watch the full interview with Karl, where he goes into detail on the importance of IT within business and how it has changed, alongside how companies can protect themselves from cyber attacks and the ‘must haves’ that can help ensure protection and sustainability for your business, here:

The role of IT in business

Information technology and the IT department now play a crucial role within any business, as the emphasis on monitoring and managing technology and communication systems grows.

There are very few companies now that don’t have an IT department or a professional who looks after the digital elements of the organisation. From being able to send an email, to changing and verifying a password, accessing and maintaining databases and troubleshooting, information technology allows businesses to become more efficient and productive.

While the role of the IT department still encompasses day-to-day operations, the responsibilities and strategic direction has changed exponentially, according to the CDIO at BEIS, Karl Hoods.

He said: “I think the role of the IT department, or the digital department, is incredibly important.

“There aren't many industries that don't have any reliance on technology at all. It's really a relationship that needs to continue to develop and evolve because there's so much value that technology can bring to everyday activities, from productivity if you're working in the office, through to manufacturing and what that can actually mean for output.

“IT has definitely progressed over the years, from being a supporting function to being something which should be integral to the operation of the organisation you’re in.”

Protecting your business

The need to protect your business from cyber-attacks has never been greater, and global governments continue to urge businesses to strengthen their cybersecurity practices. According to PwC, in 2020, 20,544 cases of cybercrime were reported in Switzerland, and 16,395 of these were classified as cyber fraud.

Conducting business through digital means can bring a host of opportunities and benefits to the fore, including the ability to email safely, store data, work remotely, and manage everyday operations. On the other hand, having a digital workstream can enhance the risk of a cyber attack.

While cyber-attacks can be hard to predict, Karl believes it’s imperative that companies look into potential risks to ensure that the business can remain functional, operational and secure.

He said: “There's definitely a conversation to be had about understanding what the threats are and really getting your head around that."

"From a cyber perspective, we've recently seen the exponential growth in cyber activity and cyber threats. It hits every part of every organisation and it can be incredibly disruptive. You need to look at your own risk as an organisation and where your threat vectors are, where you might have some weaknesses, where you might be exposed and then look to plug those."

Karl Hoods, Chief Information & Digital Officer, BEIS

In most cases, today’s technology tools come equipped with the necessary protection that allows businesses to safely go about their day-to-day operations. But making sure you understand how to use the tools is paramount.

Karl adds: “If you're using things like Office 365 or Google Workspace, they all come with tools which can help you. If you don't know how to use them, get some advice on what to do with that – an independent view is beneficial.

“Once you've got that base level of technology protection, then you can look to see how you can evolve that over time. There's also scope to put into place a technology recovery process, as well as a wider business recovery that needs to be done as well.

“Really understanding the key recovery processes, the key people and how long you can survive without having access to the technology is incredibly important.”

The technology ‘must haves’

Protecting your business in a digital world will allow your business to be both sustainable and progressive – but to do so, employers need to make sure that they’re doing everything possible from an IT standpoint.

There are certain processes and tools that can be put in place that will protect a business in both the short and long term. Because IT departments have gone from being purely ‘reactive’ to ‘proactive’, there are multiple ways that companies can firewall their digital assets, believes Karl.

He said: “So the ‘must haves’ are an awareness of the threats. Then there are basic principles that you need to employ which all come down to people a lot of the time. That includes the need for strong passwords, two-factor authentication, all those kinds of things that you need to put in place.

“If you look at the history of some of the compromises that happen, they are around compromised accounts, around credentials that are not being rotated often enough for admin accounts, etc. There's a similar pattern emerging over and over again – usually down to a flaw in the process.

“Focus on understanding your threats, understand where your weaknesses are, and plug those where you can. Also having a really strong user training and awareness programme is incredibly key because people are the weak spot in many of these things.”

Focusing on the employee

Companies need to take the time to invest in their employees to ensure security breaches, no matter the size, can be prevented.

Researchers from Stanford University suggest that approximately 88% of all data breaches are caused by an employee mistake. Human error is still very much the driving force behind an overwhelming majority of cyber security problems, which makes upskilling your employees more important.

Karl believes that “no matter what technology you've got in place, there’s always a weak point which can be individuals, whether that's malicious or just a genuine mistake.

“Investing in the technology, the processes and the people in terms of upskilling has got to be key for any organisation of any size to recover.

“We all get phishing attacks and malware attacks at home. Just because you've come into the office doesn't mean to say that everything's taken care of by the security or technology team.

“It's just about keeping abreast of that, keeping up to date, making people aware of the consequences and understanding what the outcomes could be.”

According to software company Symantec, in the UK, one in every 3,722 emails is a phishing attempt, further reinforcing the need to make employees aware of any potential threats that can occur both within the office and while working from home.

Karl adds: “If there is a breach, it’s about knowing who to notify when something happens, even if you're unsure whether it's a breach or not.

“It's better to put your hand up and say, ‘can you look at it for me?’ rather than just say ‘I'm not quite sure’ and let it go so even more damage can be done.

“There are lots of software and courses that are available. It can be very much bitesize and consumable on the move, just short little snippets of information that can really help to protect your business.”

Growing awareness business wide

As the IT department’s roles and responsibilities evolve, so too does their ability to influence and inform senior leaders, which is crucial when it comes to the prevention and awareness of cyber security measures.

Growing awareness around cyber security isn’t just for entry-level employees, it must encompass all departments from graduates all the way up to c-suite executives and the board.

"There’s this concept of the ‘human firewall’ that is what we really need inside organisations."

Karl Hoods, Chief Information & Digital Officer, BEIS

Karl said: “Awareness should start in general terms so that people know how to protect themselves, know not to click on links that they don't expect to receive- for all employees at all levels.

“It isn't just focused on the most junior person in the organisation. This needs to be right up to board level and down, everyone needs to understand the role that they play in protecting the organisation.”

Are you looking for a talented IT professional to drive your business’ growth? Get in touch with our specialist recruiter now.

You may also be interested in...

Will AI eliminate the need for jobs?
1 mins read

Will AI eliminate the need for jobs?

​At the recent Microsoft CEO Connections event, the CEO Satya Nadella compared the impact of new AI technology to the birth of personal computers and the internet, in terms of its potential global impact.While writers, actors, and other artists have been fighting to protect their livelihoods from AI’s threat, Elon Musk imagines what I can only describe as a nightmarish vision of the future where no one works at all (although, as a recruiter, I’m predictably biased about the 'nightmarish' part).The recent Reed/Bloomberg job market report sheds some light on this issue. While AI is a hot topic across politics and business, jobs in the sector have plummeted, suggesting that organizations have lost interest in hiring for new AI job roles.That’s not to say that companies are ignoring AI altogether. From finance to e-commerce, businesses have been integrating this technology into existing roles, allowing them to offer new and improved products and services to their customers. Here at Reed, we’re using AI to help remedy a common problem for recruiters and managers – choosing appropriate interview questions for specific roles. With our AI-powered Interview Question Generator, a task that once took hours can now be completed with the click of a button.Does this mean recruiters and their counterparts in other sectors will soon be out of a job and replaced by AI? Not necessarily. Although AI will most likely cause some jobs to disappear, it will also liberate people from bureaucracy, eliminate mundane tasks, and allow workers to focus on the parts of their jobs only humans can do well.So, while it’s almost certain that AI is transforming the way we work and recruit, I’m of the belief that, for as long as there are people to help, problems to solve and personal connections to be made, there will still be jobs.And, hopefully, there will still be recruiters.​

Manager’s guide to offboarding – the complete kit
less than one minute

Manager’s guide to offboarding – the complete kit

An employee resignation can be a stressful time - but getting it right is essential to maintaining team performance.This kit takes you through the leaving process step by step, ensuring you cover all of the vital actions, gather valuable information from the departing team member, and keep morale high while minimizing disruption."If handled incorrectly, someone leaving can result in a missed opportunity - all that information just walks out the door."This kit will help you toMinimize disruption and keep morale high with a stress-free offboarding processFuture-proof your team from resignations with actionable feedback from the leaving employeeRecruit, reallocate, or restructure? Find the best way to deal with your vacancyThe kit containsAn expert guide featuring a step-by-step offboarding plan, failsafe handover process, information on effective exit interviews, and how to fill the team skills gap assessment.Time-saving tools and resources include an offboarding checklist, a nine-box succession planning grid, announcement email templates, and an exit interview template.

Top 9 second round interview questions to ask candidates
6 mins read

Top 9 second round interview questions to ask candidates

Once the initial round of interviews is complete, you should have a shortlist of potential candidates. Conducting a second interview will provide a more thorough assessment of each candidate and assist in making the final decision on their suitability for the position.Effective interviewingWhen it comes to hiring someone for remote or hybrid work arrangements, there are two types of interviews that you can conduct. The first one is more formal and can be done remotely, while the second one can either be more demanding or more casual and done in person. This approach allows you to gain a better understanding of the interviewee in two different settings. For instance, you could conduct a phone interview first and then another one in person.It's important to remember that interviews are a two-way communication process. You are not just looking for the right candidate, but you are also trying to sell the role to them. Therefore, it should be treated as an informative conversation rather than an opportunity to impress the interviewee. You need to represent yourself, your team, and your company in the best possible way.Keep in mind that every candidate could be a potential customer, client, or advocate for your business, and they will remember how you treat them. So, it's crucial to make a positive impression and treat every candidate with respect and professionalism.Common second interview questions to ask candidatesJust as in your first round of interviews, asking the right questions in the second round is vital to understanding if a candidate is suitable for the role.“Although there are never a fixed set of questions to ask in the second interview, here are our selection of questions for employers to ask which will hopefully allow you to understand a candidate more fully before making a decision on who to hire.”What are your long-term career aspirations?Asking candidates about their long-term career goals can provide useful insight into their suitability for your company. If they mention your business specifically, it suggests a desire to remain and contribute to its growth.Moreover, this question can reveal important aspects of their personality, such as honesty and passion.Understanding their priorities can help you make informed hiring decisions for your organization.Do you have any questions about the business or the role since your first interview?This question gives them the opportunity to clarify any doubts they may have and to demonstrate their level of interest and engagement.Furthermore, asking questions helps to fill any gaps in the candidate's knowledge and shows their preparation for the interview. However, some candidates may be nervous, so it is important to create a comfortable and supportive environment.Remember that this is an opportunity for both the candidate and the interviewer to learn more about each other and make an informed decision.How has your job search been going so far?If you ask this question in a second interview, you can gain valuable insight into your competition and the challenges you may face if they are selected instead of you. You might find out about other positions they've applied for and their current status in the hiring process.If they've recently attended multiple interviews, you may have to wait longer for their response or come up with a counteroffer to stay competitive. It's important to ask all candidates the same questions during the interview process to avoid discrimination or bias.What skills do you think are required for this role?This can help you evaluate their comprehension of the position and their ability to think critically. It also gives them a chance to showcase their skills and how they align with the job's requirements.This can give you a better understanding of their expectations, interpretation of the job description, and ensure they have a clear picture of the responsibilities involved. If there are any misunderstandings, you can clarify them, promoting transparency and reducing any future confusion.Ultimately, this approach can lead to better retention rates as candidates have a thorough understanding of the position before accepting an offer.What are the reasons you might not be suitable for this role?The response can reveal their level of motivation and attitude towards success. If a candidate expresses a willingness to learn and improve, this indicates a growth mindset, which is a valuable trait in any role.In contrast, if a candidate has a fixed mindset and believes that they cannot improve upon their abilities, they may not be suitable for the position.Therefore, asking this question can help identify the candidates who have the potential to grow and contribute to the organization.What changes would you suggest at this company?This question allows them to provide valuable insights into their potential challenges and how they could overcome them. It can also reveal their motivation for success.If they express a willingness to improve and be trained, it could indicate a valuable candidate with a growth mindset. Such individuals have more potential to learn and develop than those with a fixed mindset who believe they cannot improve in certain areas.What is the lowest salary you hope to earn from this role?It's important to ask applicants what their minimum salary expectation is for the job. It will help you to understand their salary expectations and gives you an opportunity to manage them if they're too high.On the other hand, the applicant may have done their research and found that the salary you're offering is lower than their worth. You may have the chance to increase your offer to match their expectations if you feel they are worth it.How would you describe your ideal work environment?The answer for this question will help you gain useful insights into their personality and work style.If their ideal work environment is similar to yours, then they are more likely to be a good fit for your company culture. Hiring someone who is not a cultural fit can lead to dissatisfaction and increase the likelihood of them leaving.On the other hand, if a candidate describes a work environment that is vastly different from yours, they may not be a good match for your company and could end up being unhappy and leaving later on.How soon would you be ready to start this role?This question will determine the candidate's availability and professionalism in the hiring process. It also helps to compare candidates based on their responses.It is important to note that if a candidate mentions leaving their current job without giving notice, it could be a red flag for your business. Therefore, asking the right questions during the hiring process is crucial to finding the best fit for your business.After meeting with a candidate for a second time, you should have a better understanding of their skills and abilities, and whether they would be a good addition to your team.​