Seven tips to help you stay one step ahead of a cyber threat

By Tom Mullen, Head of Cyber Security, Telefónica UK

I’m the Head of Cyber Response for O2 – a position that gives me first-hand insight into the security needs of large organisations, especially as my own role is to protect O2 customers’ personal data – something that underpins the trusted relationships our business depends on.

All organisations have sensitive data that could be worth a great deal in the wrong hands. Yet it can take as long as 229 days (nearly 8 months) to discover a network breach (Mandiant M-Trends, Beyond the Breach, 2014 Threat Report). No wonder the cost of cybercrime to UK business is £21 billion, according to a government survey.

Protecting data is seen as so critical that fines are due to multiply to €100 million (or up to 5% of annual worldwide turnover) if companies fall foul of the EU General Data Protection Regulation. There are important reputational considerations too.

So why wait until new legislative measures come into force to take steps to improve your protection? A security breach can cost a lot to put right (not to mention the task of rebuilding public trust if personal data has been put at risk) – costs which could be avoided with forward planning.

I recommend a strategy of being proactive, so you’re always one step ahead of any new threats. See below for my seven top tips on how to put this kind of strategy into action:

  1. Approach security from every angle, with solutions that target every type of threat – and which are continually refreshed to guard against the very latest risks.
  2. Start with an information risk management strategy which spans your IT network and everything that runs across it.
  3. Don’t forget remote and home workers and include comprehensive provision for mobile users. Access rights may need to be varied too – by user, device and location.
  4. Drive security initiatives from the top of the organisation and communicate well. The more employees use their own devices for work, the more critical it is that they understand any restrictions to data access.
  5. Consult the latest cyber intelligence to keep protection up to date, and keep proactively monitoring.
  6. Make sure your organisation has a clear plan for incident management.
  7. Consider outsourcing some or all of your security needs to a specialist service provider. This will ensure round-the-clock vigilance, proactive threat monitoring, and comprehensive security certifications, while freeing up the IT team to focus on the day job.

All organisations have a responsibility to help make the Internet a safer place too, improving the online experience and building customer confidence in digital financial transactions. By going the extra mile, you can start to build capital from your security initiatives – so that, rather than being a cost, they start to add value for the business.

If you want to know more about how my team approaches and manages security at O2, why not get in touch? We’re continually exchanging tips and techniques with others across the security industry, knowledge we’d be delighted to share.

To learn more about how O2 helps enterprises manage cyber security, visit