Finance General Turnaround

SMEs – don’t let the looming GDPR deadline distract you from cyber security

cyber security and cyber crimeWith the May 25 deadline looming for businesses to comply with the new General Data Protection Regulations (GDPR) it is only natural that SMEs will be primarily focused on this issue.
While there is some evidence that a number of SMEs have left dealing with GDPR to the last minute, this is understandable given that the consultation period only finished last month.
So, although the clock is ticking, it makes sense to check for any last-minute updates on the ICO (Information Commissioner’s Office) online guidance before completing the GDPR compliance process.
GDPR is aimed primarily at protecting the personal and individual data of your customers and contacts but businesses also need to have robust protection from fraud and other malicious practices for themselves.
Cybercrime is becoming increasingly sophisticated and there is new evidence about how much it has been costing SMEs.
Research by YouGov commissioned by Barclays Business Banking has found that 44% of SMEs had suffered a cyber-attack and a small percentage had actually had to make staff redundant to cover the cost of dealing with it. Given that there are more than 5.6million SMEs that theoretically equates to a loss of up to 50,000 jobs.
The average cost of each fraud has been estimated at £35,000 and in addition to lost jobs, it could also impact on investing in training, equipment and further business development.

A robust cyber security system is essential

Criminals are using ever more sophisticated measures to scam businesses into parting with money.
Among the most worrying developments has been emails appearing to come from someone within the organisation, such as the CEO, instructing a member of staff to pay a bill or transfer money into a named account.  Or emails with attached invoice documents, which when opened give hackers access to the IT system.
It is important that businesses put in place measures to protect them against such scams.
They should include:
Staff training, this is key since staff access and online activity from work-based devices represent the greatest weakness in most online security systems.
Using strong passwords and a password policy to help staff follow security best practice. Perhaps consider also technology solutions to enforce your password policy, such as scheduled password resets.
Restricting staff access to only the data and services for which they are authorised and have been trained.
Installing security software, such as anti-spyware and anti-virus programs, to help detect and remove malicious code if it slips into the business network.
Using intrusion detectors to monitor system and network activity. If a detection system suspects a potential security breach, it can generate an alarm, such as an email alert, based upon the type of activity it has identified.
Finally, the business should ensure staff understand their role and any relevant policies and procedures, and provide them with regular cyber security awareness and training.

Business Development & Marketing General Rescue, Restructuring & Recovery

Machiavellianism – the most toxic of the three threats to a business?

“It is better to be feared than loved, if you cannot be both.”
So said the Italian Renaissance diplomat Niccolò Machiavelli, whose activities have bequeathed us the term Machiavellianism.
Machiavellian puppet master bossIn a business context, this final personality type of the Dark Triad behaviours (with psychopathy and narcissism) is potentially the most dangerous of the three, not least because it is often widely admired and promoted as a recipe for professional and business success.
However, that success is only at the personal level. It can be lethal for the organisation to which the Machiavellian belongs, especially if they are in a leadership position, as they often are.
It is the most difficult to detect and it involves cynicism, deceit and duplicity.

How to recognise Machiavellianism

Characterized by a duplicitous interpersonal style, a cynical disregard for morality, and a focus on self-interest and personal gain the extreme Machiavellian is likely to be an aloof, sarcastic bully, slyly manipulating a given situation to their own advantage.
They will pick their time and the situation carefully to suit their aims, generally to maintain power. While they may show a superficial charm, they operate on the principle that the end justifies the means.
As ever, with the Dark Triad behaviours, however, there is a continuum, where at the moderate end of the scale such behaviour can be positive but taken to extremes its application can damage the people in an organisation and ultimately the organisation itself.
The study and understanding Machiavellianism in business has become a topic of increasing interest.
This may be related to a growing demand for more ethical behaviour in business in the years since the 2008 Financial Crash, but perhaps also in part because of the media focus on the proliferation of employment practices like Zero Hours contracts, greater income inequality and corporate greed.
In the European Journal of Psychology, November 2015, Panagiotis Gkorezis, Eugenia Petridou, and Theodora Krouklidou, shared an article under Creative Commons rules on their study: The Detrimental Effect of Machiavellian Leadership on Employees’ Emotional Exhaustion:
While their results are nuanced and too lengthy to go into here this comment stands out:
“The findings indicated that Machiavellian leaders have a detrimental impact on employees’ organizational cynicism and emotional exhaustion … both outcomes negatively affect core attitudinal and behavioural outcomes such as job satisfaction, organizational commitment, intention to quit and job performance,”
In Why Bad Guys Win at Work, an article in the Harvard Business Review, also in November 2015, Tomas Chamorro-Premuzic, a Professor of Business Psychology at University College London and a faculty member at Columbia University, argues that “Machiavellian tendencies facilitate both the seduction and intimidation tactics that frighten potential competitors and captivate bosses”.
That might sound like a positive for a business but, he says, the individual gains of the Machiavellian perpetrator always come at the expense of the group.
The implications are clear. For businesses that rely on their reputation for ethical and fair behaviour, as most do, or should, the lesson is clear.  In order to survive and prosper as an organisation employ a Machiavellian type at your peril.