Information security breaches can impact business reputation, performance and profitability, so why do we leave these business fundamentals in the hands of the IT department?
With directorial responsibilities only going to increase in this area, business leaders can no longer wash their hands of responsibility for information security; they must get their heads into the game.
The easiest way to do this is to think of the management of information security as a game.
Like any game there are set rules, understood boundaries and clear goals. The coach or the leader’s job is to make sure that the players are equipped with everything they need to be able to play within these parameters, while also being innovative, challenging boundaries, and finding a formula to gain their team the advantage.
Internationally, businesses use a range of security frameworks to establish boundaries and rules, and ultimately let the business do what it does best, but security frameworks are a relatively new concept for New Zealand businesses.
Below are six reasons why New Zealand business leaders should be starting to talk about security frameworks:
1.0 Security and the need for speed
Having a security framework is about speeding up, not slowing down. The best analogy is the brakes on a car. Most people consider brakes essential for slowing down and this is true, however, they also let the driver go faster.
A security framework is the same. If you have the correct one in place, setting rules around different processes, then a business can perform more efficiently with a lower security risk.
2.0 Every business has valuable information
Whether it’s intellectual property, brand, product or service information, or customers’ personal and financial detail, all businesses have information they wouldn’t want others to get their hands on.
Information is a valuable asset and losing it can have serious implications for reputation and trust. So giving the IT team the responsibility to protect it, is limited. Protecting one of your most valuable assets is everyone’s responsibility, leading us to our next point.
3.0 Cyber security is a people issue first
From our own experience dealing with hundreds of clients, about 50 per cent of unidentified emails received by businesses will be opened by employees with around 30 per cent clicking on a malicious link. In many cases this is enough to let in an attack.
In almost all cases, there is no malicious intent internally and people just make a mistake. Often it’s caused by a lack of understanding about the importance of information and not understanding the need for processes to manage security risks.
4.0 Security issue of online and mobile information
With employees bringing their own device, working on their smartphones at home, at work or while travelling, business operations have become multi-device and location non-specific. This provides freedom and the ability to work anywhere, anytime.
This may seem like a recipe for more risk but the threat of all information being online and mobile is no greater than in a fixed location, as long as there is a framework to manage practices.
5.0 Security to support innovation and competitive advantage
A security framework supports innovation. Imagine you are in a marketing and sales team and you want to explore a new piece of software to automate emails to customers. A security framework provides the checks and balances so you can proceed.
Having defined security processes also supports trust in a business and its reputation, and this can be a competitive advantage.
6.0 Security as a legal, insurance and governance requirement
Security frameworks are essential to many businesses.
For instance, if you operate, or have customers, in a jurisdiction insisting on higher levels of security such as the US or parts of Europe. You may also need a security framework to secure adequate insurance, with the board taking ultimate responsibility for adequate action to be taken to protect the business.
New Zealand is no long the remote island at the bottom of the world that it used to be, and to continue to innovate and aspire to lead the world, we need to bring the security conversation to the top.