HG is delighted to introduce a new member of our growing team, Craig Knappick.
Having led at a national and state level in chief people & culture roles in both the public and private sectors, as well as big four consulting, Craig has an extensive leadership profile with a unique blend of skills and experiences, that in our view sets him apart from most.
Craig’s professional aspirations center on the empowerment of individuals, communities, and organisation’s to excel and surpass expectations, with a focal point on workforce data and reporting, systems implementation and innovation, workforce planning, culture, diversity, data analytics and talent building to facilitate positive organisational outcomes through streamlined transformational change processes.
He is a strong influencer and connector, holding an extensive record of accomplishments after supporting and leading transformational change through a number of significant reforms. This includes implementing complex systems software, providing him with great insights on the complexities of navigating business needs with the pace of technology in areas with highly sensitive data and personal information.
In this special feature, we asked Craig to share his thoughts about cyber-security, as well as the considerable upsides of cyber resilience, where an outline of practical precautions and solutions for leaders would be featured.
This is what he told us.
Boosting Privacy in a Hyperconnected World
The last few months we’ve all read the reports on the cybersecurity attacks at Optus and Medibank yet are we any the wiser as to what this means beyond unknown overseas sources having access to our data? The outrage has been loud and there is broad concern that ‘others’ have our information that have intentions far from admirable nor with good intent. In years past we saw breaches of data privacy with Facebook and online dating app and a whole world of pain for the companies involved and the customers who assume, wisely or not, that their information is absolutely secure.
Clearly the intersection with privacy is at the heart of the need for robust cybersecurity.
So why is there a high focus and need for cybersecurity?
Simply put today the biggest risk to our privacy is the threat of unintended inferences from intentional outside hackers. To stop this threat, we need security in the cyberspace where all the data is held.
Why is this becoming more important now than a decade ago?
This is due to the power of machine learning techniques. In other words, technology’s ability to be programmed to scan the large amounts of data (‘big data’) available across the web and cloud to source information relating to our finances, ID, personal histories, web use and thinking patterns. At its foundation this enables machine learning to accurately assess who we are and what our interests are through the vast analytics available and kept in online records by a multitude of organisations. Think for example how many customer numbers and passwords you have for online shopping, government departments, work, social media, insurances, banks, clubs, education and the list goes on. In the health arena the implications are significant. Unknown individuals and sources finding out our health status and history are a major threat in a society where we value the privacy of personal health records. Society has indicated with the advent of stricter privacy laws that they want such information to be private and only released with said individual’s consent. If that is the case, then cybersecurity is paramount to that privacy.
What has this got to do with our values as a society?
If we value anonymity in regard to all this information and want the ease that electronic records have provided us over the last decade such as our health status, then the need for cybersecurity and the controls it provides is then the price business, governments and individuals must pay. Unless as an individual you want to go ‘off grid’ with no electronic path or record then you are going to have to compromise. That being said it would seem that whilst we accept some level of information sharing and that organisations are tailoring advertising and other information to you and I based on the data algorithms that can be used to reach us the fact remains that we value privacy highly when it comes to our finances, health and ID. The individual right to this privacy is the value underpinning the constant need for improved cybersecurity.
Will the need for cybersecurity plateau or slow down?
The amount of data in the cyberspace is growing daily. In fact, it is estimated that each day there is 2.5 quintillion bytes of data created. The pace is astronomical and the need for safe spaces vis-à-vis places that ensure ease of access irrelevant of location and at high speed are not necessarily compatible. Maybe as a society we are going to have consider whether when it comes to accessing data can we effectively have security, access ease and speed equally. It is clear with the current trajectory of data capture, storage, access and analytic capability that cybersecurity is in a race against those who can find the cracks in the firewalls that lead to data breaches. Can we keep plugging the holes?
The question on every IT department’s agenda is how do we ensure the security of all this data is watertight?
The most common forms at present include:
- Using strong passwords. You will have see they are asking for more digits, more variety and more frequent updating.
- Controlling access to data and systems. Think about does everyone need access, when they need it, how frequent they need it and what happens when they no longer need it.
- Firewalls remain important and more so when it comes to financial, health and legal data.
- Using security software as another line of defense that is up-to-date and fit for purpose.
- Updating programs and systems regularly. Newer programs and systems are updated with greater security as software developers incorporate this into their programing. Old data on old programs is often forgotten about and gives hackers time with less likelihood of discovery of finding ways into it. How much data is not transferred to new systems and remains supposedly locked away in old systems no longer strongly monitored?
- Monitor for intrusion. IT Departments have staff who monitor for phishing and other ‘unusual’ events much the same way that finance, HR and other professionals monitor for trends and unusual spikes and changes.
- Raise awareness. This is where all staff come into play. Being vigilant to what comes in and out of each person’s inbox, what cookies are accepted and what sites are visited and signed up to.
How do non-tech people get involved with an issue that is more than just about being tech savvy?
The core to this is to ask the questions. Ask the ‘stupid’ and the difficult questions. Even when an answer is not forthcoming then keeping pushing to find out.
Then there are the governance requirements. Schedule regular security debriefings at board and executive meetings. Put privacy and security on the standing agenda. It should be on everyone’s risk register, but it must be actively managed and engaged with consistently.
Then there is the investment question. Like all major risks you must ask is the investment in data security and risk management infrastructure a priority knowing that the cost of a breach can have devastating consequences for business viability, customer satisfaction, ethics, government and board integrity not to mention the potential human cost of information accessed and abused that can take a significant personal toll.
Then there is ensuring that you have the organisational expertise. Have you got the individuals and the L&D investment in growing this capability in your business both amongst the tech experts and the users? That confidence is a key mitigation to the identified risks and communication and training are foundational in building that knowledge at different levels of the organisation.
Finally have an incident response plan. Be prepared for the worst-case scenario. Management and executives must respond quickly. It must be timely and indicate and accept accountability. It is about maintaining customer trust as a top concern. Consider the impact on every line of business, not just the CEO and CIO. It involves every department head/director.
The tech and associated electronic data train has long left the station. Whilst it may seem like a race against time if we ensure that the foundations as to why this is important are clear and justifiable then we have to accept the constant work, investment, skill and knowledge that are our ally against an enemy we cannot see.
About The Author
Craig is a highly experienced senior management consultant and a government executive.
His expertise has provided strategic advice and operational delivery of initiatives including operating model design, organisation transformation and change programs, HR, process improvement and systems implementations.