Viewing archives for Risk management

Learning from Travelex

Due to a cyberattack, Travelex, the world’s largest foreign exchange bureau, has been paralyzed for weeks. The reputational and financial impact on the company and its senior leaders will be severe. New laws and regulations, like GDPR and NY Shield, mean that such breaches can no longer be swept under the carpet, and the business losses will be compounded by huge fines.

Travelex is a wake-up call to all businesses. In today’s cyber-risk environment, maintenance of your basic IT infrastructure and services is critical to remaining profitable and even staying alive. You may be wondering: if a giant like Travelex gets hacked, how can a mid-market company protect itself? It’s actually pretty straightforward.

When we engage with clients, we talk about “getting the basics right.” A fundamental part of that is making sure the IT infrastructure and services are fit-for-purpose and up to date. If the basics aren’t right, then there’s no hope of looking at ways to use technology to grow the business and get ahead of the competition.

To provide you with a head-start, here are your first nine priorities:

  1. Prioritize systems maintenance. All systems and services, particularly those that are connected to the outside world, must be kept up to date with the latest software patches. The IT team or your Service Provider must review and update systems in a regular, controlled manner.
  2. Review your backups. Many malware infections encrypt your data and hold it for ransom. Frequent backups reduce the chance of you losing everything. A regular, complete backup of your data, stored somewhere with no connection to your systems – what’s called an air gap – will greatly limit the damage of an attack.
  3. Get a penetration test. Get a reputable security company to undertake an external penetration test of your systems and services. Resolve all the concerns raised in the results. Find your vulnerabilities and patch them before hackers find them for you!
  4. Get certified. Spend some money, usually less than $12k, on earning the Cyber Essentials Plus certification. The process involves making your technology secure, and we’ve seen clients win new business after being certified.
  5. Lock down your data. Each individual in your business should only have access to the data they need to do their job. This minimizes the risk of data loss should they leave with it or accidentally click a malware link. Allowing employees wide-ranging access to data is asking for trouble.
  6. Invest in protection. Keep the bad guys out with well-configured firewalls, anti-spam email systems, malware detection software, and proactive Day-0 protection systems.
  7. Get some insurance. Cyber insurance covers the losses resulting from a cyberattack. It can also aid with the management of the incident itself, particularly reputational damage and regulatory enforcement. Crime insurance covers the loss of money due to theft, fraud or dishonesty and includes theft of money by hackers. Add cyber insurance and crime insurance to your portfolio as separate policies, not just add-ons to existing business insurance.
  8. Train your staff. Your employees are the most vulnerable security point in your business. The more they know what to look for and what to do, the better your chances of avoiding an attack. Training is essential for all new staff, and it needs regular refreshing for the whole business – including you!
  9. Plan for the worst. Even with all the above nailed down, you still need to be ready for the worst. Sit down with your top team and discuss potential disasters and plan your way out of them. Who would be in charge? Who is authorised to make major decisions on the spot?

Will Travelex survive this attack? Who knows – the reputational and financial damage may be terminal. But by following these nine steps, you can avoid that fate for your own company.

For more information see our Knowledge Center about Cybersecurity.

Freeman Clarke is the UK’s largest and most experienced team of part-time (we call it “fractional”) IT leaders. We work exclusively with ambitious organizations, and we frequently help our clients use IT to beat their competition. Contact Us and we’ll be in touch for an informal conversation.

Board action plan: 10 steps to Digital Transformation

Ambitious business owners will always look for ways to improve the way their organisation functions. Digital transformation is just one way. It enables a business to function more efficiently and, in the long term, with greater cost savings. But for any of these transformations to occur, you need a solid IT strategy that fits in with the overall business strategy, and an experienced technical leader to help you get there.

This is our final piece in the DT series and is the Board action plan that will help you get started on your own journey. It covers ideas around automation and artificial intelligence, risk analysis, data visualisation and much more, all of which are achievable if you’ve got a vision and the right people to get you there.

So what exactly is Digital Transformation?

For our clients, Digital Transformation simply means using IT to deliver dramatic improvement. That’s different to just an upgrade or fixing some niggling problems. It means: using IT to make a significant change for the better.

That may just mean simple IT done well – that’s surprisingly rare! Or it may mean genuine technology innovation, something that is breaking new (or newish) ground.

We simplify this issue by defining 4 different kinds of transformation:

1. Market break-through
2. Wow customers
3. Internal redesign
4. Tame the risks

For an explanation about the 4 types, read our original post.


Graeme Freeman
Co-Founder and Director
