Our Senior Communications Strategist Peter Trevaskis writes on the reputational risks of mishandling and mismanaging cyber security risks for businesses.
What do Canadian mariners, the country of Sweden and Sydney’s police force have in common? Unable to draw even the most random of links, I’ll just let you know they’ve all committed to creating dedicated cyber security centres in the past few weeks, a point that highlights the growing breadth of a largely invisible, but very real issue facing us all.
So, while Canadians develop cyber security solutions for their maritime industry, Swedes aim to stop a repeat of cyber attacks that targeted its major corporations in 2020, and the NSW Government looks to better equip its police to deal with the issue, cyber threats are not just the domain of large industry, governments and law-enforcement.
Last March, when we were all forced to work from home in a rush and started meeting via the little cameras in our devices, our main thought was how to conceal the junk piled up behind us, or to make sure we weren’t on mute. However, the need to adapt and find digital solutions to everyday tasks also presented an opportunity for those with sinister intentions to take advantage of vulnerabilities created by the impacts of COVID.
Cyber security breaches and hacking aren’t new (as any fan of 1983’s WarGames will tell you), however an increasingly inter-connected and automated world means there are more access points to secure, more passwords to remember, and while fingerprint verification and two-step authentication ensures your mobile phone and favourite app can’t be accessed easily, COVID is creating much larger problems for individuals and organisations.
Many businesses and even whole sectors report an increase in productivity among the many benefits of remote working during the pandemic – the ease with which Melbourne office workers moved back to remote working during this week’s ‘circuit breaker’ is another – however these benefits have been at the sacrifice of firewalls and secure network connections, benefits historically found working in a traditional ‘office’ environment.
As workplaces continue to plug security gaps, upgrade protocols and turn the COVID quick fixes from last March into full-time solutions, additional threats continue like phishing attacks and data breaches from unknown origins. These breaches are occurring on an increasingly regular basis and even those organisations (as well as mariners, governments and police forces) who take the necessary precautions aren’t immune.
Malicious emails containing malware that look like a legitimate link from finance, or a request to open an attached document sent from someone with the same name as your manager or colleague are becoming commonplace. If you’re someone with a busy inbox, it can be easy to miss the increasingly subtle details that the request, or its origin, aren’t what they appear to be.
Similarly, organisations that store large amounts of personal and financial information, whether in the cloud or on servers, walk a narrowing tightrope as they balance the need for ‘access anywhere’ information with the requirement to ensure private customer, patient or user information remains just that, private.
In addition to the impacts on your staff, customers or patients whose data is accessed – which depending on what data this is, can be incredibly distressing for them – data breaches can also cause significant reputation damage for your organisation.
Because of how prolific cyber attacks are, your organisation is unlikely to be judged on the attack itself. What you will be judged on is how you managed and responded to the situation. This is where your reputation is most at risk. Your staff, customers and stakeholders will want to know:
- if your operations are impacted – when will they be back up and running?
- were your systems and processes up to date
- how long it took you to identify and respond to the attack
- how quickly you let people know their information may have been accessed
- what you have done to prevent this from happening again
- what support is in place to help people impacted by the attack?
While the focus on preventing cyber security issues is constant and becomes a more prominent discussion when larger breaches occur, there is rightly a focus on technology, software and educating staff. However, there must also be preparations to plan for attacks and data breaches to mitigate their risks and ensure the right people know what to do if, or when, the time comes.
If you think you or your business needs to prepare for the ‘what if’ should a cyber security issue occur, or you’re in an industry where storing and handling personal or sensitive data is a daily occurrence, feel free to reach out for a chat and to see how the team at Bastion Reputation can help prepare you to communicate the worst-case scenario so you can get on with doing what you do best.