Cyber attacks - why it's time to get personal

By Daniel Hicks, O2 Business

Cyber-attacks have featured all too prominently in the news recently. It has brought attention to what can happen to any organisation, irrespective of size. Just one PC or laptop using an operating system which is no longer supported or failing to implement patches  in a timely manner can potentially bring operations to a shuddering halt.  Or lead to significant data corruption or loss. It has the potential to impact brand confidence, and potentially leaves the door open to significant fines, such as with EU General Data Protection Regulation (GDPR).

And even with all the best laid plans, there’s one area that, if not managed well , could be your biggest vulnerability – your people.

For example, employees needing to be extra vigilant when using passwords in public, using wifi without proper encryption, and being cautious of suspect attachments within emails. More importantly it also includes the people working in the IT department.

Behind the scenes these IT network and IT security professionals are making sure the day to day operations run smoothly, from IT systems through to data compliance obligations. But when your IT is compromised they’re the people who must be able to take action as quickly as possible to reduce the potential impact.

There are some clear markers of good practice when it comes to IT personnel. It starts with a strong IT management team that has the knowledge to understand when immediate action needs to happen. This team needs to be empowered and trusted even when the decision might be disruptive; shutting down the network or email servers may cause some initial pain, but it avoids significant damages if the issue were to spread to other systems and servers.

In addition you need IT operations people  who understand your IT network back to front and inside out, to support that management team. These folk typically have a very different way of thinking and analysing, of knowing when things are “wrong” – they’re a unique breed. In fact, you might find that these people are the ones you need to fit your organisation around, instead of them fitting in to the organisation.  The truly brilliant ones aren’t typically found in a person comfortable wearing a suit and tie every day. As such, resumes can be one of the worst ways to preselect these types of candidates. Their personality traits make them brilliant at solving complex and data intense problems, but not very good at writing cover letters or CVs. This might be a problem for the way your organisation currently manages HR, but a good reason to consider how managed services can either fill those roles, or complement your existing teams with additional skills.

Finding the perfect person to fill any role is difficult. But as we continue to rely more on IT and the compliance regulations we all face with GDPR, it might be time to rethink who you need and how you find the people that are going to protect your IT systems, data, compliance obligations, brand and public reputation. As much as cyber security is about systems and processes, a big part of it is to do with people.

If you’d like to hear about the solutions we provide to give IT teams the tools they need, or the managed network and IT Security services we provide , please get in touch or visit our website.