Written by Sonya Stephens, 12 December 2017

I’m writing this at a time when Christmas is fast approaching. I only blinked in January and it was December again… how does time fly by this quickly? For me, this time of year is also a time of reflection. Now I’m reflecting on my career and how I got to where I am now… has it really been over 20 years?!

There have been good times and there have been bad times, and everything in between. At the start of my career I remember my auditing days at PwC – Coopers & Lybrand back then. I remember the caring Audit partners and the snobbish ones. I remember my first client audit file being flung back at me by one of the latter ones. It landed with a thump on the floor. I picked it up, held my head high and knew I had to do better. And I did. It helped that I was not alone in this, as he did seemingly do this to most of us that worked for him. It was the cause of nightmares at the time, but I got through it stronger and better. We all did. From there I moved to a Telecommunications company to work back my study bursary that I received from them and, as young as I was, quickly moved up the ranks and became a manager. This was a warm, welcoming working environment and I did enjoy my time there.

Throughout my career I can honestly say I always focussed on producing high-quality output. I always cared about the businesses I worked for, and my colleagues. I always gave my best during my 15 years at a large Global Financial Services company. But there were a couple of occasions where the relationship between myself and others strained my ability to perform:

  • The first was when I was working for a micromanager who, to my mind at least, fulfilled MY managerial duties rather than his own strategic directional duties. I felt suffocated and will embarrassingly admit to hiding in the toilets on a few occasions to avoid him. After several attempts to make it work I realised that we would always butt heads; it was his way or the highway. My thoughts and opinions didn’t seem to matter, and I started applying for other positions within the group. He was so out of touch with how I, his employee, was feeling that after I totally checked out, I vividly remember his comment during my performance review: “We seem to be getting along much better now.” He didn’t even realise that I was mentally somewhere else. I did move on from there and my career flourished again.
  • With the second time, I’m still struggling to put the pieces together. There were so many factors playing a role and the environment was much more political with, in my opinion, overloaded individuals with dual or triple-hatted roles and governing roles without the adequate authority. To top this, the office was shutting its doors, bringing with it heaps of emotional turmoil for everyone.

From my experiences I can share some of the “people” things I’ve learned over my career. The more toxic an environment gets, the less people care and the higher the cyber security risks are, which can potentially cause breaches of confidential information. The situations below should provide cause for concern:

  • There are no clear lines of defence, e.g. governing functions report into operational functions.
  • Teamwork is becoming compromised by office politics.
  • Individuals are overloaded and become responsible for multiple, sometimes conflicting roles.
  • Delegation and leadership are weakly maintained or unrecognised.

Ways of reducing your cyber security people risks:

  • Trust your gut instincts – if something doesn’t feel or seem right, investigate further.
  • Treat your staff right – listen especially to those who don’t voice their opinions or concerns; listen less to those who often have something negative to say about others.
  • Authority needs to match the role and responsibilities – no one can be effective in a role with no authority to execute.
  • IT operations and Security operations function best as separate individuals / teams – working together they can plot the path to operationally enable the business in a protected manner to achieve the business’ objectives.
  • Break security into subsets and assign responsibility accordingly – no one person is an in-depth expert in all things security related. It is a big field; there are generalists and deep-dive topic specialists – a balance is needed to be effective.
  • Governing functions need to have some form of independence from operational functions – if governing functions report into operational functions the messages often become blurred.

With heavy fines for GDPR non-compliance, it is essential to have people, processes and technologies working together effectively. Lacuna Securities have the skills and experience to guide you. Contact us on +44 (0) 333 939 8553 for further information.