While the convenience of pulling up your bank account balance, setting up plans with friends, or taking advantage of online shopping while on the go are almost second nature at this point, it has become more important than ever to make sure you protect your personal information as well as you can. According to an infographic posted by OnlineCollegeCourses.com, about 75% of Americans have been or will be the victims of some form of cyber crime.

For businesses, it was estimated that 90% were hacked over the last 12 months, and 77% more than once. But it's not just business that are the target for tech-savvy criminals. In 2012, more than 100 colleges and universities were hacked. This included well-known schools such as Harvard, Princeton, Stanford, and Cambridge, to name a few. The large databases schools keep with personal information on students are valuable targets, since this data can then be sold on illegal trading sites or directly to marketers. 

As for social media, approximately 600,000 Facebook accounts are hacked every day. This is equal to about seven accounts every second. Mobile apps were also hacked at an alarmingly high rate. In fact, 92% of the top 100 paid apps for the iOS system had been hacked. This was 100% for the Android system. Hacking apps allows cyber criminals to disable security, make pirated copies, and substitute the original app with a malware-infected version. 

But there are some steps you can take to help protect yourself from hacking. The best line of defense is to choose a strong password. This is usually one that contains a combination of lowercase and upper case letters, numbers, and symbols. Unfortunately, many individuals still use generic passwords like 123456 or qwerty. Even a personal password containing six lowercase letters can usually be guessed by a hacker in about 10 minutes. In addition, be sure to vary your password from account to account. That way, if a hacker does manage to gain access to one of your accounts, it does not create a domino effect. 

Graphic Provided by: http://www.onlinecollegecourses.com/

A massive 48% of information leakages from the 10 Forbes 2000 companies that offered cyber attackers the most opportunity came from organisations in the financial services (banking – 30%, diversified financials – 12% and insurance – 6%)¹.

Once again the risk-based case is made for investing in cyber security.

However, this research joins a large body of case studies, publications, and media articles that focus on the risks businesses are running with regard to its information. By now most executives will be aware of the potentially large-scale impacts of poor cyber security. Yet many are still not investing to reduce the risk or change their corporate behaviours around information management. Why?

Is the evidence still not strong enough to overcome the ‘it won’t happen to me’ syndrome? Are the impacts being exaggerated and businesses aren’t feeling the pain of information loss? Or is it that in these tight economic times any “spare” money is not being invested in risk reduction initiatives that are traditionally viewed as largely a sunk cost and instead being invested in areas that offer a stronger return on investment?

Possibly all 3 but focussing on the latter, implementing cyber security should not be viewed as a sunk cost as the cyber capability you develop can provide a significant return on investment! This important area is rarely discussed in the plethora of media around cyber security with authors preferring to describe the latest juicy scare story.

Yes, there are people, organisations, States trying to get hold of your information. That isn’t going to stop. Yes, organisations are on the whole quite bad at looking after their information. That can change but scare stories don’t seem to be having the desired effect on the Board room to invest in cyber security (as desired by Governments ….. and security suppliers, of course!). So whilst I think it is a good piece of research, I am a little disappointed to see yet another report is focussed on the risk; the threat; and who is the worst at protecting their information.

We need more positivity around cyber security to make it more attractive to the Board room.

At the heart of cyber security is information. Whilst companies need to protect information they also need to exploit it. So why don’t more studies focus on who is the best at safely and securely exploiting their information? Why aren’t their more case studies circulating about companies who’ve successfully exploited information for substantial gain? Rather than talking about the negative side of cyber security, we, as an industry, should be talking about which companies are the most secure, the most resilient, and who has developed the most competitive advantage through safely exploiting their information? Companies who can deliver a return on investment from their cyber security and become a safe, sustainable business in this information age is, I believe, what investors and shareholders want to hear!

¹ Publish and be Damned - Cyber Vulnerability Index 2012, KPMG

Skip forward a decade or two and today cyber, or more specifically, cyber security, is one of the latest buzz words. A new buzz word but a different story is emerging …..

Arguably an evolution of the well-established IT Security market, cyber security, if done well implements holistic capability to protect your information – governance, skills, culture, policy, processes, as well as physical, personnel and IT security. By putting in place the right measures to protect your information you are actually setting up the infrastructure required to effectively and safely manage and exploit it.

So bar the addition of the word ‘safely’ in the previous sentence and the security dimensions to the capability description, I could have been talking about knowledge management. So why has cyber security not got the momentum knowledge management had in the 90’s?  Why is there not the excitement and positivity about it in the Boardroom?

In my opinion it is all down to the power of the words most commonly used in this field. Cyber Security proudly carries that word ‘security’. Many in cyber security talk about protecting information from threats or managing your information risk. Unfortunately ‘security’, ‘risk’, ‘threat’ all carry a negative stigma and investment by businesses in initiatives around these areas is as little as possible to comply with what legislation exists or to meet the rather minimal expectations of stakeholders. 

But what we are talking about is actually putting in place the capability to safely exploit your information. Exploiting information means better decisions; more timely, relevant and valued delivery. Being seen as able to exploit information safely should lead to competitive advantage. All very positive. Ergo, there is nothing negative about cyber security.

So let’s stop focussing on securing our information for its protection and start talking about safely exploiting our information to take advantage of the information economy in which we live! A business that is cyber-enabled can leverage digital opportunities, maximise profitability and gain all important competitive advantage! 

The Internet has been a playground for discovery across generations, from those in primary school to the retired who are interested in expanding their social interactions online.  However, it is not only the adventurous that are explorers: criminals are exploiting every opportunity the Internet provides – and there are a lot. Across the globe, people from all walks of life are not keeping their personal information as safe as they should be, a majority of them are completely unaware they are doing so. With access to sensitive business and personal data, the Internet is a playground for criminals. 

The questions we need to ask and find appropriate solutions to are: how can we, as individuals, protect our sensitive data? How can we ensure that organisations keep our information safe? And, as a business how can your protect your IPR – your crown jewels – from being extricated from the internet – an unclassified, un-policed, open network that we are all beholden to in some form or another.

To be proactive about information management is similar to safeguarding your house. You would never leave the house without shutting and locking your doors – some of us even set alarms and have lights on timers to ensure it looks as though someone is at home. Our online “home” should be equally as secure. With the ability to set secure passwords on all of your online accounts, whether it be emails, banking or social networking, it is difficult to understand why some of us do not take this seriously.

As a business are you sure all the windows are shut? Are you assured that information isn’t flowing out of them?  What are your policies and procedures for information management? Do your employees know what they can and can’t share, who they should talk to if an incident occurs and who within your organisation is responsible for cyber security. More importantly, are your senior executives taking their laptops, un-coded, abroad or are they using their new iPad for business purposes? The answers to these questions should be the basis of your new cyber security strategy. 

We may be living and working in the digital world where we are often reliant upon technology to function, but we must remember that it is the human application of technology that allows businesses to deliver but also that can ultimately bring down the share price, brand reputation, and bottom line of an organisation. Protecting your information should be a business priority: up-skill your staff, assure your customers that information is safe and be sure that this is the case. 

As an Internet user, you should manage your cyber security to meet your personal and business need, not those of criminals.

By Sophie Bialaszewski, Templar Executives