18 southern tech 100 roundtable ... continued from previous page
security procedures would become a key feature in procurement and tendering activities. “We are on the cusp of that becoming the norm. Organisations may have put their own house in order, but no-one wants to be dealing with a ‘weakest link’.”
The Data Protection Act requires organisations to demonstrate appropriate technical and organisational measures, Wassall pointed out. Cutting-edge IT may meet the organisation’s legal obligations, but, without suitable procedural training, human error through ignorance could lead to enforcement action.
White reflected that he was seeing an increase in the number of domestic and international clients requesting detailed information about the internal security measures employed at Marks & Clerk, such as in-house data storage and document encryption, which underlined the increasing importance placed on data security at board level.
Bloxham said GCS had created a new recruitment team to cope with demand for cyber security resources. ISO 20001 was not yet a high-profile aspect in the sector, although Certified Information Systems Security Professional (CISSP) accreditation of candidates was. Companies often have specific security divisions and seek to employ IT specialists with sector and business awareness. “Today, every single business touchpoint needs to be securitised.”
Securing the human element
Sharman noted that for most SMEs the cyber crime was not data loss but monetary loss, with employees being persuaded to make payments to false recipients. Lack of behavioural training, awareness of staff locations, simple double-checking with colleagues could all reduce security risks. “Unless the culture of the business is correct then these things happen, and we have seen very substantial amounts leave businesses.”
Walker: “It comes back to policies and procedures – the simple discipline of checking for the purchase order or CapEx request, for example, rather than taking it as read that an instruction should be actioned on the strength of a phone call or an email.”
Sharman: “You can be encouraged to spend a lot of money on a technological solution but fraudsters move across the system and look for the path of least resistance. The volume of fraud we see at the moment suggests that area is human.”
Why not outsource your cyber security worries?
Henwood suggested more businesses, particularly SMEs, would turn to expert external resources, with better and compliant security in place, to hold data for them and so resolve their internal security concerns. Gartner had predicted that by 2016, more than 50% of Global 1000 companies would have customer-sensitive data stored in the cloud, he mentioned.
Taking security to a higher level was a fundamental principle of public and private cloud service providers, Walker noted. Reliable secure access, should an SME suffer a fire or flood in its premises, was another benefit, plus reduced capital expenditure and affordable monthly usage costs with the cloud having provided economies of scale through centralised shared IT services.
www.businessmag.co.uk
Passwords and future security procedures
Technology security sat well with the use of an on-demand software service like Citrix, explained Walker. Individual complex password access, two-factor authentication and usage coding to an external provider significantly reduced cyber risk for users.
Taylor suggested individual biometric access systems – fingerprint or eye retina recognition – would be a good way forward, because non-crackable ‘passcodes’, convenience, and costs were all-important to ensure security adoption.
Disclosure and Barring Service (DBS) checking of personnel was becoming more common too. “We even have our cleaners security checked,” he revealed, “but how many people do that? Why invest in all that technology and security for your organisation, and then let someone roam around your offices at night when no-one is there?”
Wassall mentioned an airline that had hired a temporary worker and allowed him to handle passports. Illegally he scanned passports of attractive ladies and sent them to his home. The airline did train its permanent staff in security awareness and proper IT procedures, but not its temporary employees.
Walker said every member of his workforce, permanent or temporary, was now DBS checked.
Not only did DBS certification now enhance the company offering when tendering, but also provided “extremely valuable peace of mind.”
Bloxham warned of the HR and legal need for clarity and transparency when undertaking such personnel checking, which could be perceived as an unfair discrimination in certain instances.
Are businesses actively aware of the threat?
Raising the profile of cyber security through the national crime statistics would help, said Henwood, but most businesses only tended to react after they had suffered a cyber loss. “It’s not high enough yet on many SME agendas.”
Having a separate IT team in-house and technology monitoring and ensuring security was good news, said Sharman, but “... increasingly what you want to be seeing is that your colleagues companywide are aware of the security issue and are on message and empowered to speak out about anything suspicious, and, if in doubt, not actioning something.”
Wassall: “The risk factor is increasing significantly and many organisations still don’t appreciate what the true risks are, or understand all the consequences.” Apart from direct monetary loss, cyber crime breaches can result in data protection fines of up to £500,000 (due to increase as a proportion of turnover in 2017/18), legal compensation action by data owners, loss of trading reputation and customers, leading to staff reductions and potentially the demise of a business.
THE BUSINESS MAGAZINE – THAMES VALLEY – DECEMBER 15/JANUARY 16