We catch up with Shadi Razak member of the founding team for CyNation and Director of Compliance and Cyber Security. CyNation is a leading compliance and Cyber Security provider. It aims to help organisations gain better visibility of their cyber risk and compliance in order to help them to improve it as well as create an enterprise-wide cyber security risk culture.
FA: Why is security something companies should think about from the beginning?
SR: Security is quite an important ingredient and business function in any organisation. Security is actually more of a revenue centre than a cost centre, like a lot of organisations think at the moment. It’s quite important for them to approach it a little bit differently than we have been preaching for the last 20 years. It’s more interesting to look at it from a risk perspective, as a business risk, more than anything else. Doing that will help the organisation to realise how they can utilise cybersecurity in building and improving their services, their solutions, as well as their internal day-to-day processes. In this way, organisations can become more resilient and have better chances of being more proactive against any cyber threat or cyber risks that they might face.
FA: How does better security enhance user experience?
SR: Security enhances the user experience for a simple reason: because we are approaching it from risk perspective. Now the user experience is based on actually being happy, satisfied, having a good experience. In other words, avoiding the risk of the users not being happy, their information being compromised, loosing their data, getting their data stolen, or fraud for example. One of the main issues for us here is to understand why they believe that this is hard to do and try to look at the risks behind it. What are they actually looking for in their user experience? Then how can we authenticate them and allow them to use that system in an easy manner. There’s a lot of options out there that we can utilise.
Technology is an enabler. The main idea is to focus on the process. Identify the risks, what are we trying to achieve and how we can reflect that on our processes and find the technology that is available. I believe that security is an ingredient of user experience. It’s a component of it as well as being a a vital part of a business’ success or survival.
FA: What is your advice for a Fintech start-up that wants to enter the market?
SR: I would urge them to think about security from a risk perspective. Don’t take it as only about encryption and data security. Implement it from the beginning when you are thinking of starting your organisation. Think about the risks that are accompanying that process. Try to find the different ways to mitigate these risks and redeem against them. Eventually you will find yourself moving towards a cyber security risk culture in your organisation. It’s important to know what you want, what are the risks and try and find solutions around that. It’s not just about funding, it’s not just about finding clients.
If you are approaching cyber security and adopting it as part of your risk from the early stages you’ll become more attractive to fund raisers and investment. They will see that you have done your homework. You are trying to enhance the user experience. You are taking your business seriously. Also your clients will find you different so you will have more of a competitive advantage opposed to your peers. Hence, I believe that security in an organisation is a revenue centre. It starts as a cost centre, transferred to a cost saving centre, however becoming a revenue centre.
You’re becoming more agile by adapting to the risk. When the environment changes, your risk changes, you become more proactive. Having said that, it doesn’t mean you’re going to become 100% secure but you will be more likely to avoid big incidents and become the next big news on the front page.
Incorporate security from the early days in your business plan, in your strategy, in your product development. Even when you are hiring employees: ask them what they know about cyber security and how their misuse of the resources and technologies you are offering, or their roles and responsibilities, affect the business financially and non financially. That will help you establish a successful business.