
The Best Way To Educate Your Board on Risk Management and Compliance


A Gallagher report estimating that over 50,000 SMEs could be affected by a ransomware attack was a huge wake-up call for businesses to take risk management and compliance seriously.

At Net-Defence, we view it as our responsibility to educate organisations on risk management and compliance. This is why we have been taking our round table talks into business boardrooms and to events for the Chartered Institute of Management Accountants (CIMA) and the Institute of Directors (IOD).

At the CIMA Annual Conference 2019, we delivered the talk “How To Drop The ‘C’ Word in the Boardroom”, discussing the evolving cyber threat and directors' liabilities in this sphere. We also delivered a Directors workshop at the IOD Conference 2019 – you can read more about it here.

We want to help you tackle your business continuity plan. As we often like to remind people, “you don’t wait until there is a fire to get everyone out of the building.”

Joanna Goddard Net-Defence educating CIMA

What happens if you encounter a breach?

Under the UK GDPR you have 72 hours from becoming aware of a personal data breach to report it to the ICO, where the breach is likely to put people's rights and freedoms at risk. Miss that window and you are exposed to enforcement action, up to a fine of £8.7 million or 2% of global annual turnover for the failure to notify alone, unless you can evidence your governance measures, including staff education and comprehension testing. An employee may panic, but if they sit on an incident until next week before reporting it, they have taken the company into a late notification. If you have not trained staff and recorded that training, the fault will not rest with the employee; it will rest with the directors. Either way, the company is accountable to the ICO.

In June 2017 one of the biggest shipping companies in the world, Maersk, was hit by the NotPetya malware, and the impact was huge. Responsible for 76 ports and nearly 800 vessels, Maersk found itself dead in the water as the malware wiped thousands of its PCs and servers. Without IT, the company simply could not function.

In the end, a hack costs you time and money.

Companies that already have in-house specialists encounter these issues as well. Everyone must ask themselves the following questions:

  • What happens if you can't access your devices?
  • If everything is electronic, have you thought about what happens if you can't access your systems?
  • What physical security and non-digital fallbacks do you have? Do you hold cash reserves? Can your staff still communicate by mobile phone?

It is easy to rely entirely on digital systems, but doing so without a fallback leaves your business and your staff extremely vulnerable.

The average business can trade for less than a month without access to its IT. Could your business continue to function, and for how long?

The enduring problem

Health and safety is a standing responsibility of every company's board, as required by law. Cybersecurity is often missed, despite new reports every week of businesses affected by a security breach.

Staff are often unsure how to get cybersecurity onto their boardroom agenda as a serious point to be considered.

How to digital-proof your business

  • Consider how you access communications. If there was a breach, do you have a secured device, separate from the affected systems, that you can still use?
  • Put layered protections in place within your systems, so that even if someone gains initial access via a phishing email, they still have to get through further controls before they can reach anything valuable. No single layer is infallible; the point is that one mistake does not hand over the whole business.
  • Think about where you store data. Would you still know who all of your clients are if you could not get back into your systems? Backup is key here: keep at least one copy separate from your live systems, so that an attack on production cannot also destroy the backup. A hybrid approach combining on-premises and cloud copies, for example, is more resilient than relying on either alone.

The best possible solution is to have both onsite and offsite copies. If you are not sure where to start, know that every business has to face this topic sooner or later, and no one has ever told us they regret taking risk management and compliance seriously!

Following our events at the IOD and CIMA in November, several businesspeople who heard the talk took our free advice. Afterwards, they contacted us to arrange a meeting and get a quote for our service. Once commissioned, we agreed a plan of action together.

Our service

Our services include:

  • Cyber Essentials Accreditation
  • A GDPR Plan Gap Analysis
  • Reviewing your existing business continuity plan and recommending a remediation strategy.

Through this kind of learning, people start thinking about a longer-term plan and structure. It plants the seed.

We also provide a course for company directors; this education session is led by a skilled governance, risk and compliance consultant.

We have spent time building relationships in the business community, listening to people's fears and concerns, and doing our best to allay them.

You can find out more about how we educate on risk and compliance through the Chartered Institute of Management Accountants (CIMA) and the IOD.

Or if you prefer to enquire directly, we can attend a meeting with you and your trade body.