Combatting cyber threats: how to protect your business

Karl Hoods, Chief Digital & Information Officer at the Department for Business, Energy and Industrial Strategy, talks to Reed about how you can protect your business from cyber security threats.


As companies continue to utilise workplace technologies to allow their business to grow and develop, the risk of cyber security attacks increases tenfold.

According to PwC, Swiss companies suffer ransomware attacks around every 11 seconds. Medium-sized Swiss companies suffer average damage of about CHF 6 million per cyberattack.

Now more than ever, companies across the world are trying to prevent cyber attacks. Because of this, the role of information technology in the workplace becomes even more critical for businesses, not only to protect their assets but also to lead towards a sustainable future.

We interviewed Karl Hoods, Chief Digital & Information Officer (CDIO) at the Department for Business, Energy and Industrial Strategy (BEIS) - UK, to find out what companies can do to protect their business from cyber security threats.

Watch the full interview with Karl, where he goes into detail on the importance of IT within business and how it has changed, alongside how companies can protect themselves from cyber attacks and the ‘must haves’ that can help ensure protection and sustainability for your business, here:

The role of IT in business

Information technology and the IT department now play a crucial role within any business, as the emphasis on monitoring and managing technology and communication systems grows.

There are very few companies now that don’t have an IT department or a professional who looks after the digital elements of the organisation. From being able to send an email, to changing and verifying a password, accessing and maintaining databases and troubleshooting, information technology allows businesses to become more efficient and productive.

While the role of the IT department still encompasses day-to-day operations, its responsibilities and strategic direction have changed exponentially, according to the CDIO at BEIS, Karl Hoods.

He said: “I think the role of the IT department, or the digital department, is incredibly important.

“There aren't many industries that don't have any reliance on technology at all. It's really a relationship that needs to continue to develop and evolve because there's so much value that technology can bring to everyday activities, from productivity if you're working in the office, through to manufacturing and what that can actually mean for output.

“IT has definitely progressed over the years, from being a supporting function to being something which should be integral to the operation of the organisation you’re in.”

Protecting your business

The need to protect your business from cyber-attacks has never been greater, and global governments continue to urge businesses to strengthen their cybersecurity practices. According to PwC, in 2020, 20,544 cases of cybercrime were reported in Switzerland, and 16,395 of these were classified as cyber fraud.

Conducting business through digital means can bring a host of opportunities and benefits to the fore, including the ability to email safely, store data, work remotely, and manage everyday operations. On the other hand, having a digital workstream can enhance the risk of a cyber attack.

While cyber-attacks can be hard to predict, Karl believes it’s imperative that companies look into potential risks to ensure that the business can remain functional, operational and secure.

He said: “There's definitely a conversation to be had about understanding what the threats are and really getting your head around that.”

"From a cyber perspective, we've recently seen the exponential growth in cyber activity and cyber threats. It hits every part of every organisation and it can be incredibly disruptive. You need to look at your own risk as an organisation and where your threat vectors are, where you might have some weaknesses, where you might be exposed and then look to plug those."

Karl Hoods, Chief Information & Digital Officer, BEIS

In most cases, today’s technology tools come equipped with the necessary protection that allows businesses to safely go about their day-to-day operations. But making sure you understand how to use the tools is paramount.

Karl adds: “If you're using things like Office 365 or Google Workspace, they all come with tools which can help you. If you don't know how to use them, get some advice on what to do with that – an independent view is beneficial.

“Once you've got that base level of technology protection, then you can look to see how you can evolve that over time. There's also scope to put into place a technology recovery process, as well as a wider business recovery that needs to be done as well.

“Really understanding the key recovery processes, the key people and how long you can survive without having access to the technology is incredibly important.”

The technology ‘must haves’

Protecting your business in a digital world will allow your business to be both sustainable and progressive – but to do so, employers need to make sure that they’re doing everything possible from an IT standpoint.

There are certain processes and tools that can be put in place that will protect a business in both the short and long term. Because IT departments have gone from being purely ‘reactive’ to ‘proactive’, there are multiple ways that companies can firewall their digital assets, believes Karl.

He said: “So the ‘must haves’ are an awareness of the threats. Then there are basic principles that you need to employ which all come down to people a lot of the time. That includes the need for strong passwords, two-factor authentication, all those kinds of things that you need to put in place.

“If you look at the history of some of the compromises that happen, they are around compromised accounts, around credentials that are not being rotated often enough for admin accounts, etc. There's a similar pattern emerging over and over again – usually down to a flaw in the process.

“Focus on understanding your threats, understand where your weaknesses are, and plug those where you can. Also having a really strong user training and awareness programme is incredibly key because people are the weak spot in many of these things.”

Focusing on the employee

Companies need to take the time to invest in their employees to ensure security breaches, no matter the size, can be prevented.

Researchers from Stanford University suggest that approximately 88% of all data breaches are caused by an employee mistake. Human error is still very much the driving force behind an overwhelming majority of cyber security problems, which makes upskilling your employees more important.

Karl believes that “no matter what technology you've got in place, there’s always a weak point which can be individuals, whether that's malicious or just a genuine mistake.

“Investing in the technology, the processes and the people in terms of upskilling has got to be key for any organisation of any size to recover.

“We all get phishing attacks and malware attacks at home. Just because you've come into the office doesn't mean to say that everything's taken care of by the security or technology team.

“It's just about keeping abreast of that, keeping up to date, making people aware of the consequences and understanding what the outcomes could be.”

According to software company Symantec, in the UK, one in every 3,722 emails is a phishing attempt, further reinforcing the need to make employees aware of any potential threats that can occur both within the office and while working from home.

Karl adds: “If there is a breach, it’s about knowing who to notify when something happens, even if you're unsure whether it's a breach or not.

“It's better to put your hand up and say, ‘can you look at it for me?’ rather than just say ‘I'm not quite sure’ and let it go so even more damage can be done.

“There are lots of software and courses that are available. It can be very much bitesize and consumable on the move, just short little snippets of information that can really help to protect your business.”

Growing awareness business wide

As the IT department’s roles and responsibilities evolve, so too does their ability to influence and inform senior leaders, which is crucial when it comes to the prevention and awareness of cyber security measures.

Growing awareness around cyber security isn’t just for entry-level employees; it must encompass all departments, from graduates all the way up to C-suite executives and the board.

"There’s this concept of the ‘human firewall’ that is what we really need inside organisations."

Karl Hoods, Chief Information & Digital Officer, BEIS

Karl said: “Awareness should start in general terms so that people know how to protect themselves, know not to click on links that they don't expect to receive – for all employees at all levels.

“It isn't just focused on the most junior person in the organisation. This needs to be right up to board level and down, everyone needs to understand the role that they play in protecting the organisation.”

Are you looking for a talented IT professional to drive your business’ growth? Get in touch with our specialist recruiter now.

You may also be interested in...

Three tips for finding a job you’ll love

Take a moment to picture your ideal career…Is it the job you’re in now or were you just daydreaming about greener pastures in another role or company? If it’s the latter, don’t worry. We’ve all been there. 

Maybe you’re worried that you don’t have the right skills or experience to get the job you really want, or maybe you’re not even sure about what you want to be doing but you know it’s not this. 

Whatever the reason, we’re here to help. Here are just three tips from the Life's Work course hosted by Reed's Chairman and CEO, James Reed, which could help you find a job you’ll love (and Love Mondays). 

Know what you want (what you really, really want)

It may seem obvious, but having a solid idea of what you want out of your career is the first step to getting there. 

It starts with understanding your values, goals and strengths, and then using that knowledge to reflect on what careers you’ll really find fulfilling. What are your key skills and weaknesses? What tasks do you excel at (or dread doing)? And where do you really see yourself in the future?

Armed with these answers, you’ll feel more confident that your next career move is the right one, because it matches not just what you want out of your job, but out of your life too.

Do your research

One of the most challenging parts of changing jobs or careers is making sure you land in a sector that isn’t in decline. That means digging into current in-demand and stable sectors, such as AI or education, to see where your skills might fit.

It’s also a good idea to look into the companies you’re interested in to see if your values align and if they’re financially stable. You won’t want to jump ship only to find yourself in a company you don’t like – or worse, that could lead to your job being at risk a few months down the line. 

Get networking

Or, as James Reed CBE puts it in his book, Life’s Work – go to parties.

The truth is the word ‘networking’ has become synonymous with things like sweaty palms at awkward social events and DMs from strangers on LinkedIn. But it doesn’t have to be that way.

When you strip it down to its essentials, networking is really about connecting with people who can help you (and vice versa). It could mean going for coffee with a friend to pick their brains about a sector you’re interested in, it could mean attending an event and just getting to know people, and yes, it could mean messaging semi-strangers on LinkedIn – which can actually be really effective if approached in the right way. Just remember to personalise your message.

While this list is by no means exhaustive, it’s a great starting point for exploring what you want to do next. 

Are you looking to take the next step in your career? Search and apply for jobs in Switzerland now.

Who to promote: a guide for employers and managers

How does your business decide who to promote? Is career progression embedded within the workplace culture or is it done in line with employee tenure?

The process of promotion should consider merit, potential, and alignment with organizational values. Meritocracy should be the cornerstone of any promotion strategy, rooted in a comprehensive evaluation of an individual's performance, skills, and contributions to the business. Tangible achievements such as key performance indicators, project outcomes, and leadership abilities, should guide this assessment.

However, merit alone does not paint the full picture. It’s important to identify individuals with the capacity to grow, adapt, and innovate and those who demonstrate a hunger for learning, a willingness to take on new challenges, and a track record of exceeding expectations. Investing in the development of high-potential individuals is key to futureproofing your business.

Promote those who show enthusiasm and excellence

Promoting individuals who embody the core values and culture of your business reinforces a sense of purpose and belonging among employees. Beyond technical skills and performance metrics, assess candidates' alignment with your company's mission, vision, and ethics. It’s usually easy to spot those who both excel in their roles and show enthusiasm for the ethos of the business – these professionals are more likely to drive positive change and inspire their colleagues.

There have been many conversations about extroverts and introverts in the workplace and the traits typical of both – some of which can sway employers to promote one group over another. Personality testing, at the hiring stage or as part of professional development, can help identify individuals with the potential to go further within the business, but it can also lead to bias, so it should be balanced with traditional interviews and employee performance.

Diversity and inclusion (D&I) should also be central considerations when promoting. Ensure opportunities are accessible to individuals from all backgrounds, regardless of gender, ethnicity, age, or socio-economic status. Actively seek out diverse talent, create inclusive promotion criteria, and address systemic barriers that may impede the advancement of underrepresented groups.

Jobseekers actively look for employers that can evidence their commitment to D&I, so it pays to promote this on all channels, including in your job adverts. Lip service is not enough – professionals will not stay long in an environment they perceive as old-fashioned and out of touch. Embracing diversity strengthens your talent pool and builds on your reputation as a progressive and inclusive employer.

Employees should have a clear understanding of the criteria, process, and timeline for promotion. Provide regular feedback on their performance and development areas, empowering them to actively pursue growth opportunities. Also, establish mechanisms for staff to raise concerns or grievances related to the promotion process.

Deciding who to promote

Look for those who demonstrate both competence and potential for leadership and growth. Here are some key attributes to consider:

Job performance

Consistent achievement of goals and targets - high-quality work output, ability to meet deadlines, and manage workload effectively.

Leadership skills

Demonstrated ability to motivate and inspire others - effective communication skills, both verbal and written, capacity to delegate tasks and empower team members.

Problem-solving abilities

Aptitude for critical thinking and analytical reasoning - proven track record of resolving complex issues, willingness to take initiative and propose innovative solutions.

Adaptability

Ability to thrive in changing environments - flexibility to adjust strategies and tactics as needed, openness to feedback and willingness to learn new skills.

Emotional intelligence

Empathy towards colleagues and clients - skill in managing interpersonal relationships, self-awareness, and ability to regulate emotions.

Strategic thinking

Understanding of the broader organizational goals and objectives - the capacity to develop long-term plans and strategies, skill in prioritizing tasks, and allocating resources effectively.

Team collaboration

Track record of working well within a team - ability to foster a positive and inclusive work environment, willingness to support colleagues and share knowledge.

Continuous learning

Commitment to personal and professional development - eagerness to seek out new challenges and opportunities for growth, willingness to invest time and effort in acquiring new skills.

Ethical conduct

Integrity in decision-making and actions - respect for company values and ethical standards, accountability for own behavior and its impact on others.

Industry knowledge

Understanding of the sector in which the business operates - awareness of industry trends and developments, ability to apply industry knowledge to drive business success.

Final thoughts

Promotion creates opportunities for leaders to strengthen their business and should therefore be seen as an investment. No one should ever feel pressured to take on the greater responsibility that comes with promotion, but providing avenues for those who want the challenge is a win-win situation.

If you are looking for new talent for your teams, or considering your next career move, get in touch with one of our specialist consultants today.

Download our editable performance review template

The annual appraisal is considered a dying practice – but it just needs to be revived in the right way, and more importantly, undertaken more frequently, to benefit the parties involved.

With positive feedback, little and often is the best way to keep employees motivated and inspired. These reviews should be a meeting that employees look forward to because they will either receive praise or constructive feedback that will help them in their careers.

An employer who nurtures the progression of their team and shows they care about them is more likely to retain their employees than those who seem apathetic.

What is a performance review?

A performance review is an assessment of an employee’s performance in the workplace over a certain period. It is typically used to provide feedback on the professional’s strengths, weaknesses, and areas for improvement. It may also include a discussion of the employee’s career objectives and provide guidance on how best to achieve them.

Is there a difference between a performance review and appraisal?

Performance reviews and appraisals refer to the same type of one-to-one meetings about employee performance and progression. The only difference lies in how they are used: ‘performance review’ connotes an informal meeting between a manager and their employee which focuses on feedback, career progression, goals, salaries and more. Appraisals, on the other hand, often refer to more formal reviews, in which the two parties might, for example, discuss salary.

While other performance review templates will have a firm structure, our template can be used periodically, as needed for any type of one-to-one or group discussion regarding goals and areas for development and tailored to the employee. It is fully editable and customisable.

What should be included within a performance review?

Performance reviews can cover any area of concern employees wish to discuss that might help them improve their work, productivity, skills, or prospects. This might include their progression, goals, salary, benefits, upskilling opportunities, wellbeing and more. The content, context and frequency of the review should be a mutual decision, but the focus should be on the needs of the employee.

Usually, there should be some structure to the meeting in order for both parties to benefit. Our performance review template can be used to cover specific areas for the employee’s development and build a progression plan.

What questions should a manager ask as part of a performance review?

Performance review questions should prompt the employee to speak openly and honestly about their performance and any concerns they have.

Here are some performance review question examples:

  • What do you hope to achieve by the next review?

  • What do you feel you have done well / how do you feel you’ve developed since the last review?

  • What do you feel you could have done better and why?

  • Do you have any additional feedback or suggestions for me?

What are the different types of performance review?

Performance reviews come in various forms, from self-assessments and one-to-ones to wider evaluations by multiple colleagues. Here are the main examples:

  • Traditional performance reviews involve a manager assessing the performance of their employee, but feedback can go both ways. When an employee evaluates the performance of their manager, it is known as upwards feedback.

  • Self-assessment reviews are undertaken by the individual employee and give them a chance to reflect on their performance from a different perspective, perhaps more objectively.

  • Peer reviews enable colleagues to share their perspective of another’s contribution to the team.

  • 360-degree reviews involve more than one assessor, resulting in multiple points of view in one review.

Employee performance reviews can happen as frequently as they need to for the best outcomes: perhaps monthly, annually, or quarterly. Individuals may be suited to a mix of the above reviews, according to the level of support needed.

Each type of performance review mentioned above can be facilitated by our appraisal template.

The benefits of conducting performance reviews

Regardless of how frequently they’re performed or who is reviewing whom, regular performance reviews offer many benefits. If done well, there are no downsides.

The overall benefits are:

  • Ensuring employees understand their role and your expectations of them

  • Determining to what extent employees are meeting those expectations

  • Providing support and having an honest discussion

  • Acknowledging and rewarding good performance

  • Nurturing your employees’ career progression

  • Increasing engagement and longevity

Making time regularly to discuss anything and everything is crucial for transparency and building trust between a manager and their employee.

Examples of effective performance reviews

The most effective performance reviews are those where the person comes away with SMART (specific, measurable, attainable, realistic, time-bound) goals to help them improve in some way before the next review.

In any employee review form, there must be structure, but there should also be flexibility to adapt it to the needs of different employees.

The fundamentals of a performance review are:

  • Setting SMART goals

  • Honest and constructive feedback

  • A safe space for two-way communication and trust

  • Appropriate praise and recognition

Our template provides space to outline key areas of success, development, and focus, to give feedback on skills, and create an agreed action plan with objectives to meet before the next review – whether that’s monthly, quarterly, or annually.

Every team is different – that’s why our performance review template is adaptable to your own requirements.

Whether you’ve completed many performance reviews in the past, or have yet to conduct one, our template can help you provide the best experience for your employees.

Get started with our free template today – download it now.