Cyber Security: Dutch companies are at risk because of human influence. What to do about it?

How design thinking builds awareness and improves Cyber Security

Within a couple of months the new EU General Data Protection Reguation (GDPR) comes into force. It is the most important data privacy regulation in 20 years and yet another challenge for companies in the realm of Cyber Security. How to respond?

Creating awareness
The Dutch Data Protection Authority has issued a list with 10 recommended actions to prepare for the GDPR – the first action is to create awareness. Awareness is key because all relevant people in your company are needed to get to a clear picture on how the GDPR impacts on processes and services delivered. (Full list of recommendations (in Dutch):   https://autoriteitpersoonsgegevens.nl/nl/onderwerpen/europese-privacywetgeving/voorbereiding-op-de-avg )

Last September Ink Strategy participated during the International Cyber Security week in Singapore. We were part of a Dutch consortium led by TNO (Nederlandse Organisatie voor Toegepast Natuurwetenschappelijk Onderzoek) to exchange knowledge and experience. By using visual collaboration Ink facilitated awareness building about cyber security in general. One of the things that stood out is how security breaches through hacks or leaks are usually the effect of simple human errors. Whether it’s users, consumers or employees, awareness is low and the number of incidents high. Moreover, when looking at different media and the number of hacks reported, it’s clear that the problem is growing. (https://www.nytimes.com/2017/06/27/technology/ransomware-hackers.html).

the Dutch Ambassador in Singapore (right) together with the CSA director (left) at the Cyber Security Week 

Thinking outside the box, together
Design can help tackle this problem by explaining technology in a simple and elegant way. This is how using design builds awareness and improves Cyber Security.

Take blockchain. In itself blockchain is highly complex and hard to understand, but discussing it in a visual way during the Singapore conference, we were able to build a clear picture of this technology, its security dimensions and application. A visual like the one below helps to identify risks, where to invest, who is accountable for what, and long-term and short-term consequences of building a future proof vision. Designing together combines insights from technology and human behaviour. In doing so, it aligns entire it-departments, bridges the gap with the business and effectively deals with cyber security.

Best technology in place? In the end it is about people
If anything, we hope your key take away of reading this piece is this: Cyber Security is just as much about human behaviour as it is about technical measures. Unfortunately the human behaviour part is often forgotten and this often leads to big problems. The challenge is to involve both technology and people – strategic design is a great way to do so.