Why cybersecurity is a board-level issue

Why cybersecurity is a board-level issue

25 January 2022
Get in touch

Share on social..

Author: Richard McBarnet
Chief Executive Officer, Lumina Technologies

Businesses are all too often sitting on a powder keg of risk. Managing risks of all sorts is part of your good governance process. So why is it that IT risks, which often represent the most likely possibility for harm or damage to a company, are not well understood or engaged with? If you do not already carry out regular external IT audits, then it is time to put them in place.

As an employer, you put measures in place to mitigate fire risk, including regular testing and servicing of your fire alarm and extinguishers. The risks of theft are also taken seriously, and companies always take out an insurance policy and sometimes take out business continuity insurance too. We also understand the health and safety risks, which is why we do manual handling training, ask colleagues to go on first aid courses, etc. As a business owner, I manage all these risks because the consequences would have an adverse effect on my staff and business, hence the training and insurance.

Why your company needs to take the human factor seriously

Many hackers rely on human error – hackers don’t break in, they log in. In fact, when it comes to successful phishing attacks, human error is more likely to play a part than technology. A very common tactic is one that was used recently on one of our clients. A member of staff received an email that seemingly came from her boss asking her to handle a short but urgent task. The hackers were hoping that the seeming urgency of the task would make her do what she was asked without question. However, as in many of these attacks, the email address it was sent from was not her boss’s address, and the email contained spelling and grammatical errors. These are always red flags, and thankfully the staff member had the presence of mind to forward the email to us for investigation. But other companies have not been so fortunate.

Some real-world examples we have seen first hand include a foreign property buyer who was duped into transferring half a million pounds to a phishing hacker. As the buyer was not insured or covered by UK banking guarantees, the buyer sought to recover his losses from the law firm handling the sale.

In another example a UK buyer was tricked into transferring £65k to hackers. The transfer was covered by the UK Guarantee Scheme, so the buyer’s solicitors covered the cost however it took nine months for the money to be repaid resulting in a large impact on cash flow for nearly a year.

Law firms risk suffering major reputational damage, as well as future revenue damage when clients are defrauded, even when they are not directly involved. They also see huge jumps in their insurance premiums.

Examples like this are all too common and I fail to understand why directors and business leaders do not take cybersecurity seriously, especially as the threats are evolving in sophistication and are becoming increasingly likely.

Your company needs to be robust and have a road map as part of your IT strategy that will help you identify the IT and organisational changes you need to make. Technology can only do so much to prevent breaches, and people need to take responsibility for their own actions. In fact, I would go as far as saying that people pose a much bigger risk to your cybersecurity than the risk in the technology itself. A building might have a state-of-the-art security system, but that system will be pretty much useless against thieves if someone leaves the back door open – and, IT wise, this is what will happen if a company has great cybersecurity technology but poor staff training and awareness. Thieves will always check the back door because they know that’s where the weakness is more likely to be.

Mitigating risks

In order to provide your company with an effective cybershield, you need to implement technical as well as organisational measures. You need the right technology and the right policies as well as staff who are trained and alert.

If you take technical measures to defend your company from cyberattack but don’t touch on the human element, then you are sleepwalking into disaster. The most popular notion of a hacker is a geek in a basement trying to break into your system through firewalls in order to launch attacks. However, the reality is that hackers are more likely to get into your system through a password someone has inadvertently given them. Human error makes things so much easier for the hackers, which is why staff awareness and training is so important.

You have to deal with the potential for human error and make sure users know what they need to do. Show them ways of spotting potential problems and fraudulent emails. But do it on a regular basis. There are theories that for something to become a habit it must be repeated and reinforced so it eventually becomes a muscle memory. This is the same with staff awareness of cybersecurity.

In the event of an emergency…

It is also necessary to have measures in place to deal with a successful attack. Everyone needs to be as familiar with the process of reporting a breach as they are with breaking the glass on an alarm in the event of a fire.

Cybersecurity is so important to your company that strategic leadership at board level is an absolute necessity. In my experience, C-level executives are nervous of IT because they do not understand it. As IT is generally managed by technology specialists, the Board generally lets them get on with it and does not question decisions made by these specialists. But IT is there to facilitate your business and help your staff deliver services and products, so it has got to be relevant, help your business be more efficient, and be the right size for your business’s needs. It can only do this if it is integral to your overall business plan, and this can only be achieved at Board level. If you do not already have an IT Director on your Board, then it is time to consider a Virtual CIO who has both the technical expertise and business acumen to understand how technology can protect and enhance your business.

What our customers say

Lumina Technologies have taken the time to understand the requirements of our business and work as our strategic IT partner, enabling us to concentrate on delivering a high quality service to our clients and focus on our growth strategy. They have delivered a 100% cloud solution to our business with no underlying infrastructure costs or maintenance, which gives us scalability for our planned growth. It also means our business critical applications and data are securely accessible from virtually all our user devices. Lumina’s professional approach and strategic expertise is highly valued and their management of our IT – based on their in-depth knowledge, leaves us confident that our systems are available 24×7.

Luke Harrison
Keidan Harrison LLP

Lumina have supported us so well through the difficult circumstances of 2020.  They worked extremely hard to ensure we were able to work remotely and continue to operate our business successfully. The support team are very friendly and knowledgeable, and have excellent response times.

The team have also enhanced our cyber security which is so important in the legal sector, and they continue to provide high quality advice to help us move forward with our IT goals.

Robin Illingworth
Managing Partner, Adams & Remers LLP

The quality of IT Support provided by Lumina Technology is of the highest standard and is complemented by effective client liaison with impressive response times. Trap Oil Group plc has no hesitation in recommending Lumina as a dedicated and specialist group of IT professionals.

Martin David
Technical Director, Trap Oil Group plc

Richard and his team are a real inspiration to anyone who meets them and I have watched Lumina’s growth over the last few years with interest and admiration. Richard has been an amazing supporter of the Hospice of St Francis, being a Gold member of the Corporate Partner Network for almost two years. He takes an active interest in the community and is passionate about his company and his town: nothing is too much trouble, he is always willing to help, to give up his time and to provide business advice when asked. Lumina is an inspiration to any company wanting to set up business in Hertfordshire.

Carolyn Addison
Corporate Fundraising Manager, The Hospice of St Francis

Lumina Technologies Prism Hosted Desktop has allowed our business to centralise our global corporate data, allowing much faster access for all our staff – regardless of their location. We have also been able to simplify and reduce our infrastructure and management overhead. With the new Prism Hosted Desktop solution all staff now have simple and secure access to corporate data using any device they choose. Prism Hosted Desktop has increased the productivity of our staff and given us a single, consistent and familiar experience for all users from any device, in any location, 24/7.

Katherine Roe
Chief Executive Officer, Wentworth Resources PLC

The commercially sensitive and regulated nature of Lambert Energy Advisory’s business requires an IT provider able to maintain the highest levels of integrity and confidentiality, Lumina Technologies has consistently been unimpeachable in this regard over the nine years we have employed them.

Patrick Agar
Lambert Energy Advisory

It has been a great pleasure working with Lumina Technologies over the past two years. They have fully committed to being involved in the local community with volunteering and with professional advice and commitment, helping many local charities along the way. As a growing company it proves that being involved in the local community is helping them attract and retain a talented workforce and I look forward to working with them well into the future.

Cindy Withey
Connect Dacorum

Hawkstone Management Services Ltd is a small company for which IT Outsourcing is realistically the only viable option. Lumina Technologies have successfully performed this role for over fifteen years. They also provide innovative solutions to keep pace with technological progress. I would have no hesitation in recommending Lumina to similar sized businesses.

Stephen Pembury
Hawkstone Management Services Ltd

Charles Douglas Solicitors LLP have been using Lumina Technologies for a number of years now and continue to be impressed by the technical know-how and contemporary knowledge of their senior management, who provide a timely, efficient and friendly service. Whether it is a small issue with one computer, or a strategic IT decision, they maintain a current knowledge of available technologies. Lumina are always at the other end of the phone to help resolve issues and minimise business interference. The technical knowledge of Richard and his senior team means that there has not been a problem that they can’t solve to date. I am sure we will continue to use them in the years to come.

Charles Douglas
Managing Partner, Charles Douglas Solicitors LLP

The team at Lumina Technologies have made the Amoun Travel & Tours office IT transition seamless and problem free. The office set-up has been vastly improved and the IT Support services are flawless. No issue goes unresolved, which is extremely reassuring.

Adam Helmy
Amoun Travel & Tours Ltd

Lumina Technologies has been Salamander Energy plc’s IT provider since start-up in 2005 and has supported us in London during our expansion across operational offices in SE Asia. Their professional approach, strategic advice and close co-operation have been essential in making this a success.

John Bell
Group Technical Director, Salamander Energy plc

Richard and his team at Lumina have provided Perrett Laver Limited with high quality strategic and practical IT Services for over ten years. During this period, Perrett Laver has grown from 10+ colleagues based in London to nearly 100 colleagues located in six offices across the Americas, EMEA and Asia-Pacific. Richard and the Lumina team have not just been responsive to our ‘everyday’ IT needs, but have proactively sought to work with us on developing an infrastructure suitable for the type of operation we are today, and are planning to be months and years down the line. I would not hesitate to recommend Richard, especially for small to medium size business with growth in mind.

Clementine McKinley
COO, Perrett Laver Limited

Society Limited has been supported by Lumina Technologies since our earliest start-up phase. From large logistical challenges like an office move, through to smaller fiddly issues like fixing a faulty e-template, we know we can count on their support and advice. They’ve also been able to engage with us strategically on the challenge of scaling-up our infrastructure as the firm continues to grow and evolve. We always feel confident going to Lumina with a problem, since we know they genuinely care about sorting things out and helping us to get on with our core business.

Simon Lucas
Managing Director, Society Limited

The Vita Group HQ staff have worked with Richard McBarnet and Lumina Technologies for over 9 years, with Lumina providing all our PC, server, phone, and software support. The services have included C-level executives based in London, Manchester, the US, as well as supporting home office IT as well. The service provided and intellectual capabilities are outstanding and we would highly recommend Richard and his Lumina team.

Joe Menendez
CEO, The Vita Group

We worked with Lumina on a GDPR Audit. Richard was knowledgeable and professional throughout, and did the best he could to bring a dry topic to life through lots of real life examples and analogies. We were so impressed with the service Lumina provided and the value we got from partnering with them on this project – we couldn’t recommend them enough.

Holly Cottingham, Vintec Laboratories

Discuss your business needs today

Get in touch Schedule a call