- This article was written and provided to the Scottish Business Resilience Centre by IT and cybersecurity provider, Waterstons.
As a cybersecurity and resilience consultant with 10 years’ experience, it goes without saying that Craig Archdeacon, head of cyber assurance at Waterstons, focusses his everyday working life on ensuring his clients’ systems are safe, secure and prosperous. But is it the most important thing in a business? He explains…
Yes, it’s important to maintain good cyber hygiene to prevent opportunistic cyber criminals from striking, but it’s also important to remember that security is there to enable the business to operate effectively and not to deter from seeking new opportunities or taking well-informed calculated risks.
Cybersecurity is extremely important to all businesses, but it’s not the only priority; adaptability and innovation are also key pillars in the overall success of a business.
It’s easy to become so focused on protecting what you have with cybersecurity, that you miss exciting new opportunities when they present themselves – so everything should have balance. After all, spending time and resource on time-intensive, draconian controls that are so difficult to navigate people end up circumventing the process entirely (thereby rendering the controls counterproductive), is a waste.
Think of it like building a house with no windows and no doors – yes, it would be very secure but would ultimately a pointless undertaking as it’s been created with only security in mind, not the basic need of liveability.
How do we apply this thinking?
At the start of any programme or project, it’s important to identify what the objectives are. Security should be one of the main criteria for success, but so should customer satisfaction, value, commercial opportunities etc. If we are failing on one front, we should re-assess our approach
A common saying among security professionals is that we are paid to be pessimistic, but not to the point where we are no longer listening to the argument of others. The response should rarely be ‘no’, but more a ‘yes, BUT…’; we are here to keep the wheels of business turning and letting the innovators do their job while keeping them safe from harm – it’s all about compromise and balance.
3. Think Risk, rather than Security!
Risk doesn’t have to be a negative; sometimes we need to take risk when there is a big pay-off, but that risk should be fully calculated – defining what is an acceptable level of risk, identifying controls to reduce issues should they materialise, and monitoring the risk on an ongoing basis.
We’re not saying cybersecurity isn’t important – after all, it’s what we spend our days doing – more that your business shouldn’t be restricted as a result of being overprotective.
Chat to the Waterstons team to find out how they can understand your needs, and build a plan to help your firm thrive.
Waterstons has been creating digital clarity since 1994, blending technology with strategy, forging long-term partnerships and delivering brilliance to businesses across the UK and Australia from its offices in Durham, Glasgow, London and Sydney.
By offering all digital services from in-house IT management, cyber security and data analysis, to consulting, mergers and acquisitions, and creating bespoke software, the team of over 250 experts has a wealth of knowledge to help any business, anywhere.