Insight: Eight steps companies can take to become breach proof
Tim Bandos, Senior Director of Cybersecurity at Digital Guardian, identifies eight key components of a robust cyber security framework and discusses why a strategic approach must be taken if long-term cultural change is to be achieved.
An effective organisational security framework is an absolute necessity in today’s business environment, but all too often companies are falling short, either through poor/rushed planning or failure to strike the right balance between technology and employee education.
The answer lies in blending strategic security technology investments with regular employee training and awareness to create a comprehensive security net without compromising business productivity. This can be tricky without the right tools and knowledge, but below are eight key steps to follow when aiming to combine the best of both worlds:
Invest in the right security technology
In the current security climate, relying on employees to do the right thing in every situation is both unfair and unrealistic. Whilst overly restrictive or heavy handed security practices can hinder productivity, the right technology investments made in the right areas will have an overwhelmingly positive impact. Not only will it take the guesswork out of many security situations, but creating a technology based safety net will relieve pressure on employees, allowing them to go about their jobs without fear of recrimination.
- Telecom Italia agrees Microsoft partnership to drive AI integration
- BASF reveals employee ideas saved it €58mn in 2017
- Business Chief magazine, Europe edition - click here to read April's issue
Beware the insider threat
Not all employees are created equal when it comes to risk. It’s important to take the time to identify which employees, at every level of the business, represent the greatest risk to sensitive business data in the event of a security breach. For example, employees with network administrator credentials pose a far higher risk than those with local user access. Other employees may be the custodians of critical business IP, making them more of a target to cyber criminals. Determining where the most risk resides and tailoring defences accordingly is one of the highest priorities for any business looking to improve its cyber security.
Reward good behaviour
Simply communicating security policy to employees and expecting them to adhere to it immediately is unlikely to work. Changing employee behaviour requires regular training as well as positive reinforcement. Incentivising employees to follow established protocols and rewarding those that do will go long way to enacting long-term behavioural change by helping them to form new habits that become instinctive over time.
Don’t limit security to the IT department
Too many businesses place the burden of security solely at the feet of the IT department. In reality, a robust security framework requires buy-in from nearly every department if it is to be successful. The marketing department can even play a role in building a strong security brand within the company. Tapping into a group of individuals that knows how to position oneself, what reaches people, and how to measure it, can be enormously helpful with internal awareness.
Consider appointing internal security leaders
Depending on the size of a business it can also be helpful to appoint a group of internal leaders to further assist with security efforts. A group of knowledgeable individuals can streamline communications across the business, bring security issues to the table in a constructive manner and help to field security questions from employees in order to improve decision making and cut down on trivial mistakes.
Policies, policies, policies
All effective security frameworks need to be underpinned by a clear written policy. Without a policy in place, it can sometimes be difficult to hold employees accountable for their actions. Creating a written policy immediately solves this issue whilst providing an initial reference point for anyone wishing to clarify company position on anything relating to cyber security.
Don’t reinvent the wheel
When it comes to IT security management frameworks, there are already numerous great guides out there. Not everything will be relevant to every business, but aligning with industry best practices will always create an excellent platform from which to move forward. Furthermore, the end result will likely be a far more comprehensive security framework than would otherwise be the case.
Know good things take time
It can sometimes take years for a company to deploy a successful security awareness campaign, let alone master organisational security over the long-term. Too many businesses try to be tactical in their approach when what’s really needed is a long term strategic vision that’s built up over time. Focus on timelines of years, not weeks or months, and the chances of success will be much higher.
Achieving a robust cyber security framework can often feel like an uphill struggle, but all too often businesses are making fundamental mistakes that significantly hamper their efforts. Adhering to a series of logical steps such as those above will not only help businesses ensure they are covering all important aspects of cyber security, but that their efforts will enable long-term cultural change rather than resulting in a short-term fix that is soon forgotten again.
Automation of repetitive tasks leads to higher value work
Two-thirds of global office workers feel they are constantly doing the same tasks over and over again. That’s according to a new study (2021 Office Worker Survey) from automation software company UiPath.
Whether emailing, inputting data, or scheduling calls and meetings, the majority of those surveyed said they waste on average four and a half hours a week on time-consuming tasks that they think could be automated.
Not only is the undertaking of such repetitious and mundane tasks a waste of time for employees, and therefore for businesses, but it can also have a negative impact on employees’ motivation and productivity. And the research backs this up with more than half (58%) of those surveyed saying that undertaking such repetitive tasks doesn’t allow them to be as creative as they’d like to be.
“When repetitive, unrewarding tasks are handled by people, it takes time and this can cause delays and reduce both employee and customer satisfaction,” Gavin Mee, Managing Director of UiPath Northern Europe tells Business Chief. “Repetitive tasks can also be tedious, which often leads to stress and an increased likelihood to leave a job.”
And these tasks exist at all levels within an organisation, right up to executive level, where there are “small daily tasks that can be automated, such as scheduling, logging onto systems and creating reports”, adds Mee.
Automation can free employees to focus on higher value work
By automating some or all of these repetitive tasks, employees at whatever level of the organisation are freed up to focus on meaningful work that is creative, collaborative and strategic, something that will not only help them feel more engaged, but also benefit the organisation.
“Automation can free people to do more engaging, rewarding and higher value work,” says Mee, highlighting that 68% of global workers believe automation will make them more productive and 60% of executives agree that automation will enable people to focus on more strategic work. “Importantly, 57% of executives also say that automation increases employee engagement, all important factors to achieving business objectives.”
These aren’t the only benefits, however. One of the problems with employees doing some of these repetitive tasks manually is that “people are fallible and make mistakes”, says Mee, whereas automation boosts accuracy and reduces manual errors by 57%, according to Forrester Research. Compliance is also improved, according to 92% of global organisations.
Repetitive tasks that can be automated
Any repetitive process can be automated, Mee explains, from paying invoices to dealing with enquiries, or authorising documents and managing insurance claims. “The process will vary from business to business, but office workers have identified and created software robots to assist with thousands of common tasks they want automated.”
These include inputting data or creating data sets, a time-consuming task that 59% of those surveyed globally said was the task they would most like to automate, with scheduling of calls and meetings (57%) and sending template or reminder emails (60%) also top of the automation list. Far fewer believed, however, that tasks such as liaising with their team or customers could be automated, illustrating the higher value of such tasks.
“By employing software robots to undertake such tasks, they can be handled much more quickly,” adds Mee pointing to OTP Bank Romania, which during the pandemic used an automation to process requests to postpone bank loan instalments. “This reduced the processing time of a single request from 10 minutes to 20 seconds, allowing the bank to cope with a 125% increase in the number of calls received by call centre agents.”
Mee says: “Automation accelerates digital transformation, according to 63% of global executives. It also drives major cost savings and improves business metrics, and because software robots can ramp-up quickly to meet spikes in demand, it improves resilience.
Five business areas that can be automated
Mee outlines five business areas where automation can really make a difference.
- Contact centres Whether a customer seeks help online, in-store or with an agent, the entire customer service journey can be automated – from initial interaction to reaching a satisfying outcome
- Finance and accounting Automation enables firms to manage tasks such as invoice processing, ensuring accuracy and preventing mistakes
- Human resources Automations can be used across the HR team to manage things like payroll, assessing job candidates, and on-boarding
- IT IT teams are often swamped in daily activity like on-boarding or off-boarding employees. Deploying virtual machines, provisioning, configuring, and maintaining infrastructure. These tasks are ideal for automation
- Legal There are many important administrative tasks undertaken by legal teams that can be automated. Often, legal professionals are creating their own robots to help them manage this work. In legal and compliance processes, that means attorneys and paralegals can respond more quickly to increasing demands from clients and internal stakeholders. Robots don’t store data, and the data they use is encrypted in transit and at rest, which improves risk profiling and compliance.
“To embark on an automation journey, organisations need to create a Centre of Excellence in which technical expertise is fostered,” explains Mee. “This group of experts can begin automating processes quickly to show return on investment and gain buy-in. This effort leads to greater interest from within the organisation, which often kick-starts a strategic focus on embedding automation.”