To err is human, but to really screw up takes technology – and given technology is created by humans, by definition it is flawed. That’s why the ‘white hat’ hackers are hired by tech companies and IT departments – it’s an admission of guilt that their technology has holes in IT. They know ‘black hat’ hackers will get in, no matter what preventative measures they take.
At best, security can only ever be a temporary preventative measure to delay any breaches of data until the hackers have found the inevitable flaws that always exist. You have to remember that security is both the technology itself as well as the people charged with its use. So, not only are there flaws in the technology, but there’s also the issue of the behaviour of employees, either yours or those of 3rd parties that you rely on. And whilst training is another preventative measure, it too is not exhaustive in filling the process holes.
Research published this week shows that security has risen to a staggering 15% of IT budgets. Probably not including training. Probably also not including contract reviews involving legal with 3rd parties, be they suppliers or partners who need access to your systems, whose processes and systems are flawed too. And finally probably not including the Cloud provider’s uplift in security provisions. And definitely not including all the time being spent by managers and executives worried about how secure their data is, what the resilience plans are, and how to make IT a value-add versus just a cost centre.
But let’s have a look at the risk you are taking. TalkTalk, who were publicly embarrassed in the Press not once but twice last year, today announced that their profits halved. The clean-up cost to them was some £30m. Their CEO epically said re security, “the higher you build the (fire)walls, the longer the ladders the hackers use.” Then there’s the fine handed down from the Information Commissioner’s Office: £500,000. Who knows what lawsuit damages and legal costs they are still expecting from disgruntled customers who had their Privacy undermined. One also suspects that the cyber security insurance premiums have risen. The overall damage to their Brand is reflected in the 25% drop in share price.
So, what do we do about this thing called Privacy? Well, actually, I agree that data protection measures are sensible. And, moreover, it is worth having a data strategy. Not all data should be treated equally – from sensitive to private, personal to operational data. But be clear in your mind that yours is a customer- and employee-centric organisation – 96% all say their number one concern is online Privacy. So, address that. Privacy is when you are naked in the bathroom and someone can’t see through the hazed windows. Security is checking that the sockets in the bathroom don’t contain a hidden camera. You should have a plan for both when it comes to Privacy and private data.
Given a choice, I would prefer to have a pee in the ocean out of sight, rather than on the beach where everyone can see me. The point about Privacy is that you are better off removing your private data than trying to shield it in a public place. The internet is the most public place on the planet. This is the premise of any data strategy – how do you give employees and customers alike the ability to remain private? How do you ensure Privacy is aligned with a customer-centric data strategy? How do you run an organisation in today’s connected world whilst still respecting the Privacy of employees and customers?
Going through the process of transitioning from the cyber-insecure business you run today to an approach that builds trust back up again, yet allows all players in the supply chain to continue to transact seamlessly, should not be daunting. A simple framework that establishes the modus operandi with employees first, and gives a sense of confidence in the outcome, empowers your employees as a centre of excellence to champion the model with customers. Early concerns can be ironed out with the first handful of employees as new processes are tested and adopted. “Start small, grow fast”, as Lou Gerstner, ex-CEO of IBM, used to say when he showed how IBM was the first ever eBusiness, before taking the concept to the market.
Similarly, LifeBank has, by becoming a model Privacy enterprise internally, done the hard work for you already and developed a toolkit with the supporting Privacy platform to transform your organisation into a Privacy 2.0 business… one ready for the Internet of Everyone that respects the Privacy of each and every single one of us. LifeBank already has templates for employees and customers both, across the major industries, and is multi-language. With Privacy so high on the agenda today, why waste time in re-inventing the wheel? Email firstname.lastname@example.org today to get the ball rolling.