As Internet penetrates, the world will continue to transition markets and businesses into the cyberspace from the meatspace. Consequently, individuals, firms and nations will do more transactions online. Online business and communication offer speed, efficiency and cost reduction.
Nonetheless, as cyber culture increases, governments, firms and individuals will be faced with digital terror, digital fraud, and intellectual property thefts, among others. The solution is not to decouple from the cyber community; rather, to develop a holistic strategy that will mitigate these threats.
During my days as a bank IT infrastructure administrator with certification in Cisco technologies, I noted some points on what firms and individuals can do to protect themselves. The following are updated suggestions on how to stay secure in a digitalizing world for the trio of governments, individuals and firms.
- Establish IT Security Policy
Many organizations do not have IT security policy. That creates vulnerabilities for them. Irrespective of your size, you must have a policy that ensures that your firm’s digital asset is well secured and protected with steps defined on how those will be done. Understand that your cyber threats are not just from the computers, those Smartphones are internet nodes and could destroy your firm’s competitiveness. As staff accesses more office data via these phones, you must have a policy to ensure that you have your data secured. There are many Wi-fi enabled devices today; those are potential threats if they can compromise your data. Even a GPS location system could harm your strategy if it can reveal to the whole world where your marketing directors are going. You must specify how those marketing team use those solutions.
- Train Your Staff
While you can have an IT Security Policy, that is not enough. Every firm must make sure that staff understands this policy and what they must do to keep the digital ware safe and secured. Do not assume anything. And this training must be continuous; as the digital threats evolve, you must update the knowledge of your staff. My business offers a good training program for companies.
- Make Your Staff Partners
This is perhaps the most important for financial institution. The most threats come from the staff or what they call internal customers. While you can have policies and tell them what they do, you must ensure that you have ethical and honest work teams that are dependable. It turns out that many IT security issues in financial institutions happen due to mistakes or involvements of staff.
- Under Industrial Espionage
Assume that in this ultra competitive world that your firm may be under attack. Understanding this means you must develop ways to curtail it. You must protect your trade secrets; otherwise your survivability can be compromised. Think through the ways you package your technology and how you relate with your customers if there are potential threats to trade secret. Also, assume that some other firms in other nations may want to steal from you. Be vigilant.
- Get Data off the Web
In the most critical instances, the most secured data are those which are not online. You can disconnect your very important servers online or dynamically in sequence change their network addresses. It is not all machines that have to be online. As a young graduate, I told a former university chancellor who was opening a tax business that one machine must be offline since he could not guarantee that it cannot be hacked. In the same way, build a network where you create a cushion between your most critical server and the web. In other words, have a redundant server between your critical data and the web so that any attack will first hit that redundant one.
While the digital world makes life so cool, it could also destroy life. Have a backup strategy irrespective of the size of your business. Never assume that the computers will be working. And when you backup, use a protected storage device. I have come to like Flash Memory Keys that are password protected for individuals. For big firms, there are tapes which are developed for this that can store lots of data. For banks, they not only have to backup, they must move the backup away from their locations. In other words, when you backup in Victoria Island, you can store that backup in Ikeja (both in Lagos State, Nigeria). For big organizations, you may have to move to another state with a larger geographical spread.
This is important since if a natural disaster happens in Victoria Island, you can easily recover and continue operation in Ikeja. For the most critical institutions, you can do live off-site backing where data is sent live to an offsite that is in another state or even country. Again, that communication must be well secured.
Note that using Dropbox can be a very successful backup strategy. Backup has been simplified in this age.
- Use Bank Vaults
When I came to the United States from my home nation, I used bank vaults for all my important documents. As a student in the graduate student living area, I was not confident to leave my data there. That made sense since losing the items could be problematic. The same goes for some company IT backups, if you cannot store in a good secured place, use a bank vault, where available.
- Individuals, Move Tax Documents off Computers
Until I started working and could afford to upgrade my personal computers with good security software, I never stored any of my tax documents in my computer. In short, I do not now even though my computers are protected. I have this understanding that my small machine cannot keep up to date with hackers since they have more resources and I do not want shocks. What I do is this, as soon as I finish completing my tax documents online, I save the PDF document on my laptop. I do that after I have put my computer off the Internet. Quickly, I move the data to my flash key which is password protected and print a hardcopy. I then delete the file and reconnect to the web.
- Develop Your Security Tools
For big organizations with more major threats, it is not all security tools that can be bought. The more security tools diffuse, the more hackers or bad people try to compromise them. So, if all uses one security tool, the risk of breaking it is higher than the lesser used one. During my master’s programs (in Information Technology), I developed a simple metric to determining when to buy or build. The more market share a security software gets, the lesser points I assign it, as I assume that its risk profile correlates with market penetration. That is counter-intuitive, but it makes sense. My point is that lesser known solutions are not prime targets. If you lack ability to build, negotiate for a custom solution that will not be distributed to the mass market.
For military, I even imagine them getting a different kind of network since they have allowed us to use the present one. It makes no sense that Pentagon and Nigerian military command use the same net backbone I use in my house. They need different ways of getting into the web, the rest of the bad boys cannot understand. The same goes for how you store data on cellphones and other Apps. They are threats and you must follow up.
- Finally, UN-Backed Cyber-Weapon Non-Proliferation Treaty
We have the nuclear; yes, we need the cyber equivalent in this world. While nuclear bombs are dangerous and quick destroyers, cyber weapon can kill slowly a nation’s economy and long-time competitiveness. United Nations must step up and provide leadership to ensure our digital world is safe for next generation. In a piece, I noted: “our future wars will not be fought with machetes and guns, but by bits and bytes”. Yes, we can destroy our modern economy if cyber-wars escalate. And that is why we need non-proliferation treaty on cyber-weapon. When Elon Musk talks of AI World War, that is the higher end of that cyber-weapon, because the AI wars will be fought online. UN needs to lead here.
----REGISTER for my Innovation for Growth Workshop, Lagos, Sept 2018.
---Visit our Store for my books, cases, frameworks and more. Now, enjoy our consolidated subscription for all contents (past, present and future).
-- We offer Advisory Services (tech, strategy & Africa).