The recent NAO report on the NHS cyber attack in May this year highlights how even the biggest organisations rely on small details.

 

According to Amyas Morse, head of the National Audit Office, on 27 October 2017; “The WannaCry cyber-attack had potentially serious implications for the NHS and its ability to provide care to patients. It was a relatively unsophisticated attack and could have been prevented by the NHS following basic IT security best practice.” The report said that “taking action to manage their firewalls facing the internet would have guarded organisations against infection.”

 

There is a lot of information available about how to defend against cyber attacks and this is certainly a serious risk for many businesses.

 

Are you aware of any weak links in your business?

For a start, individuals can still make mistakes even where there are very many useful systems to assist. Spell check cannot ensure your biggest customer’s name will be spelt correctly. Calendar reminders can be ignored.

 

Rules and systems are more effective when they are aligned to the way that individuals work naturally. Apparently, we have 95% of the same thoughts every day so it is likely that importing an extra step into a process can disrupt (as well as enhance) a pattern of working that takes time and repetition to “regroove”. Any change is both stimulating and risky—and the world of IT is changing all the time, which could be why it is less resilient.

 

Weaknesses can come from external forces—late payers, difficult suppliers—some of which may be addressed (with a bit of forethought) in contract conditions.

 

I would suggest that every business has weaknesses; no system, no person, is infallible. If you don’t know where yours are, test every area of operation and then be vigilant for complacency and train well for change—before you find out in a live and potentially damaging situation.

Share This