Combatting cyber threats: how to protect your business

Karl Hoods, Chief Digital & Information Officer at the Department for Business, Energy and Industrial Strategy, talks to Reed about how you can protect your business from cyber security threats.

8 mins read
I Stock 1322205588 (2)

3 months ago

As companies continue to utilise workplace technologies to allow their business to grow and develop, the risk of cyber security attacks increases tenfold.

According to PwC, Swiss companies suffer ransomware attacks around every 11 seconds. Medium-sized Swiss companies suffer average damage of about CHF 6 million per cyberattack.

Now more than ever, companies across the world try and prevent cyber attacks. Because of this, the role of information technology in the workplace becomes even more critical for businesses to not only protect their assets, but to also lead towards a sustainable future.

We interviewed Karl Hoods, Chief Digital & Information Officer (CDIO) at the Department for Business, Energy and Industrial Strategy (BEIS) - UK, to find out what companies can do to protect their business from cyber security threats.

Watch the full interview with Karl, where he goes into detail on the importance of IT within business and how it has changed, alongside how companies can protect themselves from cyber attacks and the ‘must haves’ that can help ensure protection and sustainability for your business, here:

The role of IT in business

Information technology and the IT department now play a crucial role within any business, as the emphasis on monitoring and managing technology and communication systems grows.

There are very few companies now that don’t have an IT department or a professional who looks after the digital elements of the organisation. From being able to send an email, to changing and verifying a password, accessing and maintaining databases and troubleshooting, information technology allows businesses to become more efficient and productive.

While the role of the IT department still encompasses day-to-day operations, the responsibilities and strategic direction has changed exponentially, according to the CDIO at BEIS, Karl Hoods.

He said: “I think the role of the IT department, or the digital department, is incredibly important.

“There aren't many industries that don't have any reliance on technology at all. It's really a relationship that needs to continue to develop and evolve because there's so much value that technology can bring to everyday activities, from productivity if you're working in the office, through to manufacturing and what that can actually mean for output.

“IT has definitely progressed over the years, from being a supporting function to being something which should be integral to the operation of the organisation you’re in.”

Protecting your business

The need to protect your business from cyber-attacks has never been greater, and global governments continue to urge businesses to strengthen their cybersecurity practices. According to PwC, in 2020, 20,544 cases of cybercrime were reported in Switzerland, and 16,395 of these were classified as cyber fraud.

Conducting business through digital means can bring a host of opportunities and benefits to the fore, including the ability to email safely, store data, work remotely, and manage everyday operations. On the other hand, having a digital workstream can enhance the risk of a cyber attack.

While cyber-attacks can be hard to predict, Karl believes it’s imperative that companies look into potential risks to ensure that the business can remain functional, operational and secure.

He said: “There's definitely a conversation to be had about understanding what the threats are and really getting your head around that."

"From a cyber perspective, we've recently seen the exponential growth in cyber activity and cyber threats. It hits every part of every organisation and it can be incredibly disruptive. You need to look at your own risk as an organisation and where your threat vectors are, where you might have some weaknesses, where you might be exposed and then look to plug those."

Karl Hoods, Chief Information & Digital Officer, BEIS

In most cases, today’s technology tools come equipped with the necessary protection that allows businesses to safely go about their day-to-day operations. But making sure you understand how to use the tools is paramount.

Karl adds: “If you're using things like Office 365 or Google Workspace, they all come with tools which can help you. If you don't know how to use them, get some advice on what to do with that – an independent view is beneficial.

“Once you've got that base level of technology protection, then you can look to see how you can evolve that over time. There's also scope to put into place a technology recovery process, as well as a wider business recovery that needs to be done as well.

“Really understanding the key recovery processes, the key people and how long you can survive without having access to the technology is incredibly important.”

The technology ‘must haves’

Protecting your business in a digital world will allow your business to be both sustainable and progressive – but to do so, employers need to make sure that they’re doing everything possible from an IT standpoint.

There are certain processes and tools that can be put in place that will protect a business in both the short and long term. Because IT departments have gone from being purely ‘reactive’ to ‘proactive’, there are multiple ways that companies can firewall their digital assets, believes Karl.

He said: “So the ‘must haves’ are an awareness of the threats. Then there are basic principles that you need to employ which all come down to people a lot of the time. That includes the need for strong passwords, two-factor authentication, all those kinds of things that you need to put in place.

“If you look at the history of some of the compromises that happen, they are around compromised accounts, around credentials that are not being rotated often enough for admin accounts, etc. There's a similar pattern emerging over and over again – usually down to a flaw in the process.

“Focus on understanding your threats, understand where your weaknesses are, and plug those where you can. Also having a really strong user training and awareness programme is incredibly key because people are the weak spot in many of these things.”

Focusing on the employee

Companies need to take the time to invest in their employees to ensure security breaches, no matter the size, can be prevented.

Researchers from Stanford University suggest that approximately 88% of all data breaches are caused by an employee mistake. Human error is still very much the driving force behind an overwhelming majority of cyber security problems, which makes upskilling your employees more important.

Karl believes that “no matter what technology you've got in place, there’s always a weak point which can be individuals, whether that's malicious or just a genuine mistake.

“Investing in the technology, the processes and the people in terms of upskilling has got to be key for any organisation of any size to recover.

“We all get phishing attacks and malware attacks at home. Just because you've come into the office doesn't mean to say that everything's taken care of by the security or technology team.

“It's just about keeping abreast of that, keeping up to date, making people aware of the consequences and understanding what the outcomes could be.”

According to software company Symantec, in the UK, one in every 3,722 emails is a phishing attempt, further reinforcing the need to make employees aware of any potential threats that can occur both within the office and while working from home.

Karl adds: “If there is a breach, it’s about knowing who to notify when something happens, even if you're unsure whether it's a breach or not.

“It's better to put your hand up and say, ‘can you look at it for me?’ rather than just say ‘I'm not quite sure’ and let it go so even more damage can be done.

“There are lots of software and courses that are available. It can be very much bitesize and consumable on the move, just short little snippets of information that can really help to protect your business.”

Growing awareness business wide

As the IT department’s roles and responsibilities evolve, so too does their ability to influence and inform senior leaders, which is crucial when it comes to the prevention and awareness of cyber security measures.

Growing awareness around cyber security isn’t just for entry-level employees, it must encompass all departments from graduates all the way up to c-suite executives and the board.

"There’s this concept of the ‘human firewall’ that is what we really need inside organisations."

Karl Hoods, Chief Information & Digital Officer, BEIS

Karl said: “Awareness should start in general terms so that people know how to protect themselves, know not to click on links that they don't expect to receive- for all employees at all levels.

“It isn't just focused on the most junior person in the organisation. This needs to be right up to board level and down, everyone needs to understand the role that they play in protecting the organisation.”

Are you looking for a talented IT professional to drive your business’ growth? Get in touch with our specialist recruiter now.

You may also be interested in...

Changing perceptions: how to create an inspiring office space
9 mins read

Changing perceptions: how to create an inspiring office space

​The office space is often at the heart of business culture, as it creates collaboration for meetings and group work, enhances relationships across the business and helps with in-house training and development opportunities. However, increasing numbers of professionals across the world are finding office workplaces uninspiring and uninviting, with the after-effects of the pandemic causing a shift in work attitudes.  According to a report by the International Workplace Group (IWG), for 70% of the people they've surveyed, a choice of work environment is a key factor when evaluating new career opportunities.So, what can businesses do to improve the office space? Becky Turner, Workplace Psychologist at the British interior design firm Claremont Group Interiors, explains more in our interview: ​​Q. What can businesses on a budget do to update their office space to suit the modern workforce?A. On a budget, it's all about prioritising maximum impact. You’ll probably want to consider phasing some work and so potentially, if your maximum impact is to create a lot more spaces for your colleagues to connect and collaborate with each other, then you might bring in some open collaboration areas, some booths that you can have semi-private conversations in.But don't lose sight of the bigger picture. Consider a wider programme of works that you might want to do over five years. Maybe create a five-year plan of your real estate and then you can phase it into certain pockets of activity. So, like I say, you're spreading that budget over those five years.So, design for maximum impact first. Make sure you're communicating with your colleagues about the plan, if you can be as open as possible. Really take them on that journey with you, because then, all these little bits of disruption over the period that you're going to be doing some work, they'll be on board with because they understand the impact that it's going to have on them in the future.Q. What sort of approach should business leaders take when designing their office space?A.It's all about engagement. So, engagement with your colleagues at all levels. What do they need?In this hybrid way of working, which a lot of organisations are taking on board, what's going to be that thing that makes people decide, when they wake up in the morning or they're planning out their diary, ‘am I going to come into the office that day or am I going to work from home?' What's going to make them want to come into the office?To do that it's not a case of just thinking ‘I know my people, I know what they'll say’, because they might surprise you. It's all about understanding their needs and requirements because they're the ones who're going to be utilising the space, not making assumptions.Q. How can organisations prioritise energy efficiency for next-generation workplaces?A.This is a really interesting topic. It's hot on the cards for every organisation: you’ve got standards to meet, there's new and innovative ways to try and meet those standards, and really there's a couple of options here.It was staggering when we did some independent research and, bearing in mind it was in January so we were going through this cost-of-living crisis and things were a little bit uncertain, we found that 28% of people were coming into the office for the energy and for the heating, which is just absolutely staggering. It's so important; if people are going to come in for the energy, for example, then we need to make sure it's efficient within the workplace as well.It's largely about designing in some really smart ways to support your energy usage. You might try and look at your mechanical and electrical first and unfortunately, that's usually the biggest chunk from your budget. It’s going into things that are above the ceiling and below the floor that you can't even see, but it's going to make a huge difference to the bill at the end of every month, but also the comfort levels of your colleagues.Q. How much does an office space impact an employee’s satisfaction and overall productivity level?A.Employee satisfaction and productivity go hand in hand, they're highly correlated. It’s massive the impact your workplace can have on numerous levels.Purely functionally, as long as you can come into your space and you can work in the way that you work best, that's going to massively maximise your productivity. If you're an extrovert and you might be doing a bit of admin work, sitting in an area where actually you can get some stimulation, that's going to be important to you and maintain your focus, which for some might seem a little bit backwards, but that's what the research shows.And then equally, if you've got somebody coming in to do that same role, who might be an introvert or who might be hypersensitive, a little pod, such as the one that I'm in now, is nice and small. You can come, you can plug in, you can control the lighting and the temperature, and it's nice and quiet so you could get your head down and work.So really providing lots of different spaces where people can feel comfortable getting their work done and work to the best of their ability, that's going to massively improve their satisfaction levels and equally productivity.Q. How important is personalisation when revamping an office space?A.It's a really big deal, actually. Historically, if you think about offices and how they were portrayed in movies from the nineties and the early noughties, especially in America, people are in cubicles, and they've all got pictures of their dogs, their family, their kids. People have always enjoyed personalising their spaces; it's their safe space.So this is a big challenge when you're then opening areas up, and having a slightly more open plan office, particularly now in hybrid working, where not every everyone might have a designated desk. That's where maybe there's this idea that ‘oh no, I'm not going to be able to control my space anymore. I'm not going to be able to personalise it. It's not going to feel like mine.’It's a change in mindset, about thinking ‘ok, this isn't my space only, it's not my den, it's our space that we all share together and collectively, so how could we all get involved in the design process?’ And this takes me back to one of those first points about engaging with your colleagues. What do you want? What do you need? What's going to make it comfortable for you?That's the sort of bigger picture of personalising on a grand scale. Everybody's getting a bit of insight and an opportunity to put their thoughts forward within the design. So in a sense it's being created as a collaborative process.But then alongside that, you can create hackable spaces. These are areas where actually the function might be multifunctional; it's going to really maximise the space that you've got, particularly if you've not too much space. It could be a meeting room that's got walls that could fold back, it could have panels that you can move around. There's a lot of furniture that's on wheels nowadays, so you can move it, you can create the kind of experience that you need. So, on a day-to-day, you can equally personalise it to get exactly what you need from the space.I'd say an important thing here is that it's great to give somebody a little space that they do own. That might just be a nice sized locker so that people can put their valuable things they might have, especially if they've cycled in, they've got somewhere that they can lock everything up, that's just a little place that somebody owns.Q. Socialisation is a key part of office life. How can businesses utilise its space to help enhance socialisation and collaboration with colleagues?A.We’ve almost got two points here where socialisation and connection with your team is so important. We saw over the enforced lockdown period when people were feeling a lot more isolated, mental health went down in general because of this isolation and also the fact that people were unsure of what was going to happen and had lack of control.The amount of insight you can get from non-verbal communication – by body language for example – is huge. By connecting over teams, you don't quite get that full experience. We've evolved as social creatures to be in front of each other, so I don't think that there's anything that could quite replicate that.So, what we've been doing quite regularly is creating essentially a social heart to office spaces. Say you’ve got a three-storey office, rather than putting a big social space or a nice kitchen on each floor, you put a few tea points where you can go and get your water, make sure you stay hydrated and maybe a quick brew on each floor, but maybe on the middle one, you'd have a big social space. So that would have your really good coffee machine, as anyone that likes a good coffee will go up to that space and connect with other people that they might not do on a day-to-day basis.It's the space that you would go to for lunch, and it's the space that you would then go to for events in the evening if you had any social events or ‘lunch & learns’, if that's what your organisation does. Just really social things to get everybody together in one place rather than disperse across the three floors because that's the sure-fire way to create silos if you don't have a central space.So that's your heart. And that's where everyone's going to come together.Then you've got the collaboration side as well, and that could be informal. You could use this big social space and that could also be a big collaboration space. It could be an innovation area because it looks and feels a bit different. So you just have to move the furniture around a little bit, creating some tiered seating areas so you could hold big town hall meetings, for example, or present something or get an external organisation to come in and present to you. That way you're really showing that you value your colleagues, you're supporting them through their development, but it's all about providing the platform with your space to enable that.Looking for your next hire? Speak to one of our expert consultants today.

Induction checklist for new staff (downloadable template)
less than one minute

Induction checklist for new staff (downloadable template)

​Inductions are vital to ensuring new staff settle into an organisation and make a positive impact. Using a straightforward induction checklist can make onboarding simpler and more effective.A concise and well-structured induction checklist for new staff can heighten the entire induction process, helping any new member of the team to get up to speed quickly and efficiently.An induction checklist can remove some of the pressures that managers and HR professionals face when effectively onboarding new team members.Our downloadable induction checklist includes:First day tasksFirst week tasksFirst month tasksTasks after three monthsTasks after six monthsWhile checklists are helpful in ensuring best practice and a thorough employee experience, they shouldn’t turn the induction into a tick-box exercise. Our free induction checklist template is designed to simplify the onboarding process and support your new starters through their first six months.Whether you are looking for guidance to use across your own company, or interested in learning more about what you need to include, this comprehensive checklist is an indispensable tool to help you and your new employees.

Internal communications: how to add value to your business
6 mins read

Internal communications: how to add value to your business

​As workplaces evolve, internal communication (IC) is more important than ever – serving to strengthen bonds between employees and employers and foster an inclusive, supportive community. Often undervalued, the role of the internal communicator is that of mediator, successfully marrying fixed business objectives to the changing needs of the workforce. The Institute of Internal Communication drives standards through training, thought leadership, awards and qualifications across the UK and we interviewed the Chief Executive Jennifer Sproul (pictured below). Read the interview below on how businesses can enhance their internal communications strategy.InterviewQ. What is the value of internal comms, and how have strategies changed since the pandemic?A. Internal communications refers to the practice of communicating with employees, and helps drive organisational success by fostering engagement, collaboration and alignment. Its ultimate purpose is to improve the overall employee experience, contributing to high productivity and reducing turnover by keeping the workforce informed, engaged and motivated.Since the pandemic, employers have been adopting new IC strategies, such as increasing the use of digital channels, focusing on employee wellbeing, and enhancing transparency, authenticity and empathy.IC also played a big role in keeping employees engaged during the Covid lockdowns through online community-building activities. It continues to provide an opportunity and platform to keep everyone in the business updated, allowing stories to be shared and achievements celebrated.Q. To what extent is it only larger organisations that need employees who are dedicated to IC?A. Determining when to employ an IC professional largely depends on the company size, structure, and communication needs. Smaller businesses may not need a dedicated person for the role and opt instead for someone who can handle general comms tasks alongside other responsibilities. However, as the organisation grows, a team may be needed to manage the volume and complexity of communication channels. The goals for the business will shape the comms strategy.Q. What should small companies without the budget for people dedicated to IC do to improve their internal comms?A. Some options to consider when budget is tight might be to establish regular communication channels such as weekly meetings or a company-wide newsletter to keep employees informed about news and updates.Many people relish the chance to learn something new at work. Training and development programmes in communication can be a great way to improve employees’ soft skills. After all, good communication helps in all areas of life and work: leadership, presentations, influencing and mediation, for example. Confidence with communication can inspire staff to take on new tasks and more responsibility – increasing career prospects.It’s also good to encourage open and transparent communication among team members and provide opportunities for feedback and suggestions. It goes without saying that keeping up to date with the latest tech is crucial. Leverage affordable technology solutions such as instant messaging and video conferencing tools to facilitate remote collaboration.Regardless of the budget or size of organisation, understanding your workforce and prioritising a culture that emphasises communication, collaboration and engagement, can lead to better employee satisfaction.Q. Do you feel company intranets are an overlooked resource? What can be done to make them more attractive and valuable to employees?A. Company intranets are often viewed as a tool for top-down communication rather than a resource for employee collaboration and information-sharing. Several steps might be taken to enhance them, such as designing an intuitive and user-friendly interface that is easy to navigate and find information, and ensuring the intranet contains relevant and up-to-date information, including company news, policies, procedures, and resources.Social media has resulted in people being far more enthusiastic about using comms professionally and personally – encouraging employees in forums or discussion boards to share ideas, feedback, and best practice can foster a positive culture.You could also consider the intranet as a learning platform featuring online courses, webinars, or podcasts. Fill it with easily-accessible tools and applications that make work more efficient, such as project management software or collaboration tools – and send reminders of any key changes that employees might find most useful and interesting.Q. IC can sometimes be undervalued – what are the signs of success?A. It’s all-too-often the task of the IC professional to have to explain or prove the value of their role to stakeholders who don’t fully understand its purpose.The success of IC can be measured by increased employee engagement, improved productivity, better morale, lower turnover, and increased innovation. When employees feel informed, supported and valued, they are likely to be more invested in their work and committed to the organisation’s goals. Good IC creates a sense of community and belonging.Q. What are some of the common challenges when responsible for IC?A. Every day presents new challenges, and probably greatest of all is striking the balance between the type, tone and timing of messaging sent. It’s not always easy to get right – employees have busy days when they barely have time to check their emails, so an understanding of when to try and capture their interest is key to engagement – and avoiding information overload. And it’s important to always be mindful of topical issues outside the workplace before releasing information that might be perceived as tone deaf because it was poorly timed.The job also involves ensuring consistency in messaging, a readiness to adapt to change, and overcoming language and cultural barriers. Empathy and confidentiality are important factors too.Q. Is it more usual for an IC role to sit within a marketing team than HR – does it matter?A. Where the role of IC sits depends on the business and its goals. Marketing teams often focus on external communication and promoting the company’s brand, whereas HR teams typically focus on internal comms and employee engagement. IC roles can fit into either team but should be where they can best support and enable effective company-wide communication.Ultimately, it’s essential for the IC professional to have a clear understanding of the company’s communication goals and work with both external comms and HR teams to achieve them.Q. What are the greatest industry changes the Institute of Internal Communication (IoIC) has noticed in recent years, and how might IC change in future as workplaces continue to evolve?A. The IoIC has observed several significant industry changes. One major trend is the increasing use of digital channels for IC, such as the adoption of enterprise social networks, instant messaging, and video conferencing tools, which have enabled remote and flexible working arrangements.Another change is the growing emphasis on employee engagement and culture. Organisations are realising effective IC plays a key role in fostering a positive workplace culture that pays dividends in the longer term.As workplaces continue to evolve, the role of IC is likely to become even more critical. We could see IC professionals adapting to new communication technologies and channels, such as artificial intelligence (chatbots) and virtual and augmented reality balanced with human-centred communication. Those working in IC will also need to develop strategies to communicate with a diverse workforce, including remote and contingent workers, to ensure success.Looking for hire new professionals for your team? Get in touch with one of our specialist recruitment consultants today.