PLACING CYBER AND PEOPLE ON EQUAL SCALE

07 June 2017

Organisations are starting to pay attention to cyber risks but it is important not to forget to invest in their human assets.

As organisations are becoming increasingly reliant on technology, risks have also become more cyber-oriented, along with the security and risk mitigation measures needed to address them.

For example, an organisation’s data may be targeted by malware, which can then in turn interfere with numerous other elements of a business such as business activity, key internal systems or ongoing availability of supply chains. Equally, technology is continues to become central to security measures and risk mitigation – whether it is enhancements in number plate recognition, greater remote monitoring capabilities, or personalised technology, such as biometrics.

When it comes to attacking organisations, criminals go for the weakest element and/or the easiest target. Consequently, Australian organisations are continually adapting and updating their technology and security measures, while other organisations, often in other parts of the world, suffer new kinds of criminal activity.

People risks

While the deployment of technology is a key battleground for organisations in their fight against criminals, this should not distract organisations from the importance of their human assets.

Security for organisations often comes down to people. For instance, a large-scale robbery, such as the Hatton Garden jewellery heist – believed to be one of the largest in British history – usually involves some kind of insider-provided information.

The recruitment, continuing training and care of your workforce is therefore vitally important. Aside from potentially leaking information that could be abused by would-be criminals, unengaged or dissatisfied workers are capable of sabotage. Also, and perhaps most importantly, employees are capable of unintentional human error.

Your human assets can also be a strength, however, if you recruit good people, treat them well, train them correctly and equip them with good contingency plans. By doing this you can minimise the aforementioned employee-related risks, and minimise staff turnover – which itself often increases employee-related risks.

Stronger workforce

So what can be done to optimise your workforce as a form of risk mitigation?

As well as regular refresher training courses, checks and procedures, operational segregation and physical security, we’ve started to see clients invest more in activities and programmes to improve employees’ engagement and wellbeing.

The challenges of recruiting and maintaining a highly skilled workforce are often amplified when a company has several offices spread over many countries – each with a slightly different cultural and social climate.

In such cases, it’s vital that the recruitment and management of employees reflects the organisation’s broader values but also the cultural and social particulars of the region the offices are based in.

When opening an office in a new territory, it’s usually expedient for an organisation to recruit from employees from a range of different backgrounds – such as technology, the military, finance – so that they’re not dependent on any single talent pool.

It’s also advisable to try to source at least some employees from the local community, as this can help to create a sense of identification and loyalty between that community and the organisation, which might otherwise be more likely to be perceived as ‘fair-game’ by potential criminal.

By investing in people equally as in cyber risk, organisations reduce their risk of cyber incidents with the added benefit of an engaged and proactive workplace.