Digital disruption and business security - are they compatible?
Roger Smith
4 x author on securing #nonprofits, #SMEs, Associations and Charities from cyber events using enhance #cybersecurity concepts. Start now, do the self assessment and get your baseline!
We have been told digital disruption will change the world. In a number of ways, yes I think that is correct. Where I see a problem is the simple fact that although digital disruption will change the face of business, cybercrime will not be far behind.
Our adoption of digital disruption platforms has to be tempered with our protective business security practices.
We often forget the situation that brings digital disruption to the fore.
The 2 most noticeable in the last 5 years have been:
- Social media and the integration of social platforms into the business world. For communication, marketing, sales, inward bound information there have been substantial influences from these social environments.
- The other is cloud-based technologies. The ability for SMEs to change from capital expense to operational expense can not be more highlighted with the adoption of cloud systems. It has allowed small organisations to compete against the giants of their industries.
In both cases the impact on business has not only been influential it has been cataclysmic.
They have changed business itself!
What we forget though, where the people/business move to, the criminals will follow.
Initially, the introduction of any digital disruption platform is reliant on businesses taking the leap and impacting their business. Whether it is first to market (huge change) or a new business model (not so much) the people at the bleeding edge see a huge change.
Financial, reputational or even systematic, these changes are seen by others as the way to go in today's business world.
From there everyone else is now playing catch up. The more people who see the benefits in the change, the more organisations embrace the change. Embracing the change allows for more business to go through that platform.
We eventually get to a position of saturation and once there these systems and platforms become targets of crime.
We rely on these digital capabilities to make our lives easier. The criminal elements rely on them to further their criminal enterprise and to make money off us in any way possible.
We have been programmed since the early 2000s to do stupid things in the digital world. From clicking on links in email all the way through to trust, everything has come about because of our lack of vision when we started using the internet for other than recreational purposes.
I have had conversations with board members and C level Executives where they have got pretty heated over the fact that I do not include links in my email. That is until you explain the reasoning to them.
Like the proverbial genie and pandora's box, we cannot put it back.
We cannot go back, although many of us would love to.
If we cannot put it back we have to make a change for the better.
How do we do that?
There are 4 fundamental strategies that everyone can deploy that will improve their security and make it harder for criminals to target them.
These are cultural and attitude changes:
- Trust no one - from the lowly receptionist to C level execs and board members, trust is something that has to be earned. It is also something that has to be constantly proven.
- Get paranoid - everything we have is connected to the digital world - the internet. Because of this connection we are targets of cybercrime, nation-states, and even our own governments. We have to be digitally paranoid to survive.
- Increase awareness - watch what is going on around you, around your social media platforms, around the internet in general. There are often reports in your social feed that could have an impact on you, your technology, your PII and your money.
- Lie - forget what happens in the real world where lying is frowned on, one of the best things you can do in the digital world is to lie about information. There are a number of places where you cannot lie (I.E. health, bank and government records) but all the rest are open slather. The muddier the waters the better it is from a privacy and security perspective.
Digital disruption is driving the business world but it has to be tempered with our ability to ensure the security and privacy of the data no matter what. All digital projects need to be tempered with that requirement.