I know, it sounds incredibly dramatic and over the top, but I'm being totally serious.
You've got a great relationship with your IT support. They deliver on their promises, make you a more productive organisation and improve your margins, so why would you not listen to them?
Surely everything they say must be gold, right?
Well, not quite.
Other than the quite terrifying fact featured in the headline of this article, there are more valid reasons to not listen to your IT support.
I have to mention here that I'm not talking about personal reasons, such as a disagreement in strategy. I also need to stress here that I have nothing against IT support. We all need IT support and I'm not writing this article from a place of hatred. IT support are incredible at what they do and I value their service very highly.
Even with that said, they could still cost your business 4% of your turnover.
So what does this all even mean? Should you now look to get rid of your IT support?
No, that would be a terrible decision as IT support offer tremendous value to your organisation.
The real issue stems from asking your IT support to venture into areas in which they lack specialisation. IT support are preservers; they help keep things running.
However, preservation is not protection.
IT support DO NOT specialise in protecting your systems; they DO specialise in ensuring your systems are functioning so that you can do your job. These are two completely different mindsets.
There is a broader term used for protecting your systems, networks and data and that term is 'cyber security'.
Here are a few cyber security statistics that you may be unaware of:
- Almost 32% of UK organisations identified cyber security breaches in 2018-19
- 27% of UK organisations had to allocate time to dealing with breaches or attacks
- 19% of UK organisations had their employees stop their daily work to deal with breaches or attacks
- 48% of UK organisations identified at least one breach or attack a month
As you can see, the cyber threat is real, relentless and very scary. It could be any organisation in the UK that is suffering a breach at any time - including yours.
Ciaran Martin, the CEO of the National Cyber Security Centre, has already said it is a matter of "when, not if" a breach occurs. He's right and this means every organisation is at risk of suffering a breach.
So, what is the solution to the cyber threat?
The Government designed the 'Cyber Essentials' scheme to protect British organisations from common cyber threats and it is proven to reduce an organisation's cyber threat by 80%.
Here lies the problem with listening to your IT support for cyber security.
Your IT support could be reluctant for you to become Cyber Essentials certified as they believe they have the necessary measures in place to protect your organisation.
They might tell you "We have a firewall, why do we need Cyber Essentials?"
I'll give you two reasons why this is the incorrect approach.
1. The tools you may be using can't guarantee the 80% reduction in cyber threat that Cyber Essentials is proven to give.
2. Cyber Essentials can provide an 80% reduction in risk because of the five technical controls, which are implemented in order for an organisation to become Cyber Essentials certified.
The five controls are:
Are your current Cyber Security measures really enough?
So as you can imagine, your IT support telling you that the firewall was enough on its own is incredibly short of the mark.
In fact, you'd have only 1/5 of the Cyber Essentials technical controls in place and what is the likelihood of the firewalls being implemented to the standard of Cyber Essentials? Quite low.
3. If you do suffer a breach and the ICO (Information Commissioner's Office) see that you did not have the necessary measures in place to protect the personal and sensitive data of your stakeholders, you will be fined 4% of your turnover.
So if your IT support told you that Cyber Essentials wasn't necessary, that decision would have cost your organisation A LOT of money.
This is why I'm saying, sometimes, it is best to not listen to your IT Support.
When it comes to Cyber Security, you need to speak with specialists who know what they're talking about.
You might think your cyber security is fine but how do you truly know without speaking to a specialist?
Let me put it this way.
Every three years, your car needs an MOT test. Would you allow the apprentice mechanic to test your car? Or would you trust the specialist, qualified, verified MOT Tester to test your car?
Cyber Tec Security are an independent auditor (a 'Certifying Body' for GCHQ) and specialist cyber accreditation firm that you can trust to reduce your risk as well as get your organisation certified for Cyber Essentials.
Cyber Tec Security are ready to assess, verify, fix and certify your organisation.
Cyber Essentials will identify the gaps in your cyber security measures and, depending on your preference, we'll either work closely with your IT support to fill the gaps or fill the gaps ourselves, using our expertise.
Cyber Tec Security do not want to replace your IT support; we want to work with them to make your organisation a more compliance-driven organisation.