Can Better Information Security Prevent What Happened to Tesco Bank?



Tesco Bank Security Breach and Software Asset Management from Crayon

The EU data protection regulations (GDPR) will become law in less than 24 months and will dramatically crank up the need for organisations to implement improved information security and data protection regulatory measures. The new GDPR ruling says that organisations like Tesco, if falling under the classification of a “data controller” and if found non-compliant, could have faced fines of up to £1.94bn, as noted by V3.

Why? In this financial year, as of Sept 2016, Tesco had a turnover of £48.4bn and under the new ruling would face a fine of 4% of its turnover. But would being compliant make any difference, and is there more that organisations can do now?

The wording around the new ruling is deemed poor by many and it may not be 100% clear whether it applies to some or all of an organisation. However, organisations should not be waiting around for that clarification.

Surely it’s time that information and cyber security – along with data protection – reached the top of the CxO agenda? There is much you can do today to protect your business in the future.

Business leaders need to raise the profile of cyber security in the boardroom. Indeed, security should be high on the CxO’s agenda. Many CEOs probably started their careers when their business was paper-based, and in the minds of many perhaps that’s how the business still operates. They often don’t realise how IT has transformed, and continues to transform, their business, with many still viewing IT security as purely an IT problem.

The same can be said for IT Asset Management (ITAM) or Software Asset Management (SAM). Many organisations will recognise a need for SAM to maintain license compliance, but it’s often way down the CxO agenda in terms of strategic planning. Needless to say, the number of organisations that have made any correlation between SAM and information security, with the notion that it will help mitigate the risk of cyber-attacks, is nowhere near as high as it should be.

So how can an organisation put measures in place to try and get its IT security fit for purpose?

 

Here are 10 important things you can do now:

  1. Ensure ITAM/SAM and data/cyber security have senior executive sponsorship
  2. Get full visibility of your hardware and software assets
  3. Understand who is using those assets
  4. Rationalise the number of software titles you use
  5. Standardise software versions and editions
  6. Make sure security patches are kept up-to-date
  7. Ensure firmware is regularly updated
  8. Set strong passwords and security policies
  9. Have clear policies around bring your own device (BYOD) and enforce them
  10. Ensure that you introduce and maintain a best practice management and technology governance framework across your IT estate to manage your assets effectively and limit risk

 

These ten steps will help you start to mitigate operational, legal and financial risk. In addition, they’ll provide the foundation for optimisation and strategic decision making to ensure you’re delivering ROI on complex technology investments.

I am the Group Chief Marketing Officer at Crayon. My team are focused on driving enhanced lead generation campaigns and nurturing for our sales organisations across multiple geographies through the utilisation and coordination of all online and offline communication channels. We are driving increased brand awareness in the business's core competency areas of Software Asset Management (SAM), cloud and volume licensing solutions and associated consultancy services. I have over 20 years of senior business leadership experience within direct marketing/direct sales and mass distribution businesses, in both the B2B and B2C markets, serving on the boards of both private and public multinational corporations.