Brendan Merry, Manager Pacific Islands at IT company Data#3, explains why managing IT risk is one of the most important things businesses can do to be able to fully embrace the technological change coming to Papua New Guinea.

Data#3’s Brendan Merry. Credit: BAI

When people think about security, they might think about using Black Swan International to make sure they get to their location safely.  But, for most people with an IT background, the word ‘security’ means something different: a basic range of solutions, such as endpoint and mail-filtering, and protecting offices and servers from outside threats.

Nowadays, boards want to know what is being done to manage risk, and guarantee there are systems in place to protect themselves – and there are a lot of opportunities for growth in this area.

For PNG, knowledge-based technology, science and engineering education, as well as emerging industrial technology for downstream processing, are some of the opportunities in the sector.

And, as PNG moves towards better network connectivity, it’s a matter of getting ready to thrive domestically and internationally.

Embracing change

People usually get caught in the way things were, in the legacy, but the real power comes from jumping onboard.

For example, those who embraced digital technology and the Cloud in Fiji first are now miles ahead of everybody else – and that’s where you want to be.

This doesn’t mean that you have to do things recklessly. It doesn’t mean you have to be the first to say ‘Let’s throw everything up in the Cloud,’ but don’t discount it.

‘Risk shouldn’t be just IT’s responsibility, it should be everyone’s. It’s okay to ask your IT team what they are doing it terms of security, but in reality, you should be asking “What are we doing as a business to minimise risk?”‘

Some customers who have moved their mail into the Cloud still have a server on their premises; they have a hybrid system. That’s what we recommend most of the time.

And once you decide to embrace the technological change, then you’ve got other things to consider, such as General Data Protection Regulation (GDPR) requirements and your individual responsibility to manage data.

Individuals should be aware of what Logan Daley, Information Assurance Specialist at Data#3, calls ‘footprints and shadows’: where our data resides, how we manage and access it (phones, laptops), and control that information.

That’s why the biggest change you can make when it comes to security is awareness and education. No one wants to admit they got a virus or the wrong configuration, but these things are more common than you imagine. It’s really easy to get a virus if you don’t educate the end user.

Assessments are very important too. They are about what you are doing right or wrong, and the things you can build on – what’s your strategy moving forward, how will information flow, and how to manage and protect that information. That’s why they are so popular at the moment.

Your data is valuable to plenty of people out there, so it’s crucial to protect it. Privacy is really important for everyone, including your staff and yourself.

Solution

The best solutions we’ve rolled out around the world are really simple.

You don’t need to have the best firewalls in place or the best infrastructure; you don’t have to spend a fortune in security because it often comes with a hindrance, and it affects your user’s productivity and how they access technology.

We’ve heard before that the best technologies should be simple, seamless and invisible – and that’s absolutely true.

Risk shouldn’t be just IT’s responsibility, it should be everyone’s. It’s okay to ask your IT team what they are doing it terms of security, but in reality, you should be asking ‘What are we doing as a business to minimise risk?’

If you can engage in strategic partnerships from the beginning and put in place solutions when you’re doing your planning and structuring, then it becomes easy to manage risk.

Brendan Merry is Manager Pacific Islands at IT company Data#3.