While India aspires to become a trillion dollar digital economy, it also has to prepare for cyber threats with the increased use of digital brings with it. Cyber crimes in India almost doubled in 2017, according to statistics released by the National Crime Records Bureau (NCRB). Organizations from shipping giant Maersk, to the ride sharing giant Uber, all the way to Equifax, a credit rating agency regarded as one of the largest holders of private customer data in the world, were all hit by cyber attacks.
Considering that cyberattacks are occurring at an alarming rate across the globe, businesses can’t overlook the importance of cyber security. To discuss the need for creating more awareness around cybersecurity among business leaders, People Matters interacted with CTO of Flock, Devashish Sharma. He shared how technology itself can be leveraged to ensure data safety.
To begin with, can you share how you think the corporates are at a significant risk to their data? What can be the impact of this vulnerability?
The biggest problem is lack of awareness. Industries outside tech mostly don’t realize that threat to their data security can cause a big significant risk to businesses. IBM had in fact, recently estimated that the average financial impact of a data breach is about $3.8 Mn. Further for companies at the enterprise level with at least a thousand employees, it can reach 10x or even over 100x that number.
Without realizing the impact and the repercussions, thus most businesses today are using common social networking platforms to exchange information and communicate.
Then even the businesses who have realized the consequences of data breach are not doing enough to minimize or mitigate cyberthreats. Businesses have just started to realize the importance of cyber security and are now looking for measures to protect their data.
How can leaders build more awareness and educate each and every employee about the importance of data security?
Building awareness has to be a top down focus. First the leadership needs to acknowledge the importance of keeping the data secure. As such training interventions often involve huge costs and consumes a lot of time and resources of employees, the intent firstly needs to be clear. If the leadership is not ready to drive awareness then not much can be achieved by any training or awareness session
Secondly, it is also critical to empower the IT teams to make decisions around security. Recently, there has been an increased demand of specialized roles, for instance, Chief Information Security Officer (CISO). Businesses need these new experts who are dedicated to protecting the business from data breaches and cyber threats. As the traditional IT may not be experienced or skilled enough to work on these aspects. Further the presence of such specialised roles helps even at the time of building awareness. Including the information and security team or representatives from this team while onboarding can help send a strong message to newly joined employees in making them aware about data security and its criticality.
In cases where small businesses or startups can't recruit for these specialized roles, the current IT team has to level up. Leaders have to invest in their training and ensure that they gain the required knowledge related to cyber security. The IT teams should be able to understand the policies and be aware about the kind of software they have to deploy as per their organizational context.
How can organizations ensure their data security as the business ecosystem becomes more digital? What role can technology play in building a more data secure environment at work?
Anti virus, firewalls are some basic tools that need to be in place. Then there are specialized softwares for example DLP (Data loss prevention) which basically makes sure that none of the corporate sensitive information gets leaked out of a particular network.
Many companies are also using Enterprise Mobility Management (EMM) to manage employees’ mobile devices. EMM has some rules and policies in place that monitors the phone to reduce the risk of data loss.
These softwares involve investment but the costs they can save by ensuring data safety can't be ignored.
The task of choosing the right software, putting the right systems in place and creating a robust cyber security strategy can be daunting. In-house team often lack expertise and businesses look to buy such systems and services rather than creating them on their own. This has created a promising opportunity for more firms in the cyber security sector. Not only Cyber Security firms but many service providers offering collaboration and communication tools are bringing in the data security piece and offering companies a medium to drive more engagement at their workplace without compromising data safety.
How can businesses choose the right partner and software to ensure data safety?
Business leaders or IT leaders must check if the software and the cyber security solutions are meeting the standards and are up to date with latest digital policies. From ISO Certification to SOC Certification to now GDPR, they must comply with the latest cyber laws.
As the data breach often happens unintentionally, mere sensitization for data security among employees would not be enough to mitigate the risks of cyber threat. It is absolutely critical to have structures and policies. The presence of an aware workforce along with a strong security system is the combination businesses need to protect them from cyber attacks and their impact.