The role of the Data Scientist is changing

/in /

As organisations have started to realise the importance and value of data, their need for the right skills and expertise has also increased. In trying to make sense of the vast amount of data gathered on a daily basis and use it to solve business problems, identify insights and trends and make decisions to support new ideas, they need more people with a mix of statistics, database, data visualisation, machine-learning, coding and data preparation skills.

Data scientists are increasingly in demand to steer information and technology strategy, of which AI is a key element. As hiring them becomes a board-level priority, how is the role evolving?

Increased specialisation

As the overall level of data literacy improves across the workforce, with other employees gaining a better understanding of how to use data more widely in their own roles (such as marketing intelligence, employee retention and absenteeism figures), there will be a shift towards the future data scientist becoming more specialised. As a result, some organisations may need to consider skill-specific data scientists.

An emphasis on problem solving

Data scientists need a much wider skillset basis than statistics or data analysis; data scientists often need to start by creatively looking at the problem and understanding how to resolve it in order to achieve business goals. As a result, expectations are growing that data scientists will bring domain expertise, communication skills and an innovative mindset to the table as well.

AI knowledge more important than ever

Machines are much more able to cope with complex calculations than humans, which in turn has led to many organisations looking to AI, supported by professionals that perfect the algorithms and communicate how to build them into the overall business strategy. Deep familiarity with artificial intelligence is becoming a ‘must-have’ for many data science positions. Keeping up to date with the latest developments and research into AI is a must, if only to understand when ‘industry standard’ versions can be adapted to work better for the company.

Higher expectations

Businesses now recognise the importance of data science, but increased demand and investment means they expect people who are confident and able to align a data strategy from the off. While at one point, data science was a niche specialism, as it now informs and feeds departments across the company, it’s expected that analysis experts will also be competent in all related software, business reporting and machine learning.

More private-sector opportunities

Many data scientists are currently hired by companies that have little or no understanding of the discipline, often joining a very new department. It’s estimated that data scientists currently spend on average less than 20% of their work hours doing actual science and analysis and digging for deep insights. As the private sector comes to realise the value of data science, it could well be that focus on return on investment and profit could drive a new wave of efficiency, using data science to increase productivity.

More focus on strategic solutions

While the sector grows in importance, it does mean that competent practitioners are becoming more influential in the business world. While most positions will still require that a data scientist knows their way around programming languages, in some organisations, data engineers are taking on more of the data preparation, leaving data scientists to expand their roles to identifying opportunities where they can help grow the business. This broader scope could see their priorities being incorporated as part of wider business aims or goals.

Data Science roles often remain unfilled for up to 45 days, due to skills shortages, according to IBM. The University of York’s 100% online Computer Science with Data Analytics Masters is aiming to change this. The programme is designed specifically for those who may not currently have a computer science background but want to launch a career in this in-demand field. The course covers a wide range of topics such as algorithms and data structure, machine learning, software engineering and artificial intelligence, preparing graduates for a wide range of positions.

As the programme is delivered 100% online, there’s no need for campus visits. You can choose from six start dates per year, enabling you to remain in your current position and work around family and other commitments. There is the option to pay-per-module, and some students may be eligible for a government-backed postgraduate loan to cover the cost of the course.

Find out more and begin your application

The problem with passwords – and why the answer is two-fold

/in /

Hacks and data breaches are becoming the norm, as more and more aspects of our lives move online. Yet in many cases, the damage done could have been mitigated if users were using two-factor authentication to secure their accounts.

Why? While using the name of a family member, pet, or favourite holiday destination may make it easier for us to remember our passwords, it also makes it easier for hackers to guess them and steal credentials, or crack passwords with automated brute force programmes. Particularly as more than 80 per cent of people use the same password across multiple accounts.

The latest Verizon Data Breach Investigations Report shows 81% of hacking-related breaches last year leveraged stolen or weak passwords; an almost 20% increase over the previous year. This shows that the password problem is not just persisting but is getting worse. So, what can organisations do?

Two-factor authentication adds an extra layer of security

The password, an age-old authentication method, is not only simple for users, but also for cyber-attackers, as there’s only one level of security to overcome. Two-factor authentication aims to keep the simplicity for users, but prevent malicious actions by adding a second layer of security.

Two-factor authentication sounds complicated, but has been used by cash machines for years; you need both the card and the correct PIN to access funds. The same principle can be used online, where a PIN is sent to a user’s phone, proving they have both the account info and the associated device in their possession, preventing many of the issues associated with passwords and unauthorised uses of accounts.

The ability to deliver a one-time PIN is at the heart of two-factor authentication. One way to deliver a password to users is through a mobile app, but this relies on numerous pieces of the puzzle fitting together successfully: the user must download and activate the app, the app must be connected to each service, one by one. Not only that, but platform and version incompatibility can cause the apps to fail. The simpler option is text message delivery, as its straightforward, cheap and is accepted by almost every telephone.

The benefits for businesses

While two-factor authentication is one of the most effective ways for organisations to reduce cybercrimes such as identity theft, hacking and phishing, it also increases customer loyalty and trust. Companies that take two-factor authentication seriously are demonstrating to their customers that they take security seriously, which is vitally important as more and more of our information, daily lives and financial actions move to online platforms.

The fact is, when it comes to cybersecurity, two-factor authentication is no longer a ‘nice-to-have’, but the challenge is to create a universal system that works in every situation but doesn’t become an inconvenience for customers.

The need for expertise in this field is growing, but currently demand for computer science skills far outstrips the supply of qualified graduates. The University of York’s 100% online Masters in Computer Science with Cyber Security is designed for working professionals and graduates who may not currently have a computer science background and want to launch their career in this field. It equips graduates for a range of positions in security engineering, software development, programming and computer and mobile networks.

There is no need for campus visits as the course is delivered 100% online – this is your computer science Masters degree, on your own terms, in your own time. Choose from six start dates per year, enabling you to study around your current job and home commitments. There’s also a pay-per-module option available, so there don’t have to be any large upfront fees. Some students may be eligible for a government backed postgraduate loan which covers the cost of the course.

Find out more and begin your application

The importance of inclusive leadership

/in /

Inclusiveness isn’t just a nice-to-have. Having a diverse workforce with people from various educational, cultural and racial backgrounds fosters a range of alternative skills, opinions and approaches. Coupled with employees of differing experience levels and those who’ve worked in other businesses and sectors, this creates a unique environment where different viewpoints can be utilised to great effect, leading to more diverse innovation and business routes which may not otherwise have been considered.

Getting a mixed and diverse group to perform at their peak, however, requires strong leadership, not just for communicating team goals, but also on a personal level, allowing employees to feel respected, valued and therefore confident of their contribution.

Why is this so important?

  1. Generational diversity is expanding
    We’re now fitter and living longer than ever before, which means as young people finish education and come into the workplace, there are still plenty of people from the older generations still working. Longer careers mean a greater mix of ages that need to work together.
  2. To attract, retain, and engage millennials
    With new expectations and values placed on careers, millennials are challenging the traditional workplace and paving the way for a generation that expect far more from a job than just remuneration. More than half of millennials value inclusivity so highly, they’d quit jobs and change companies if they didn’t believe their current boss was inclusive enough – and nearly a third have already done so.  A survey conducted with over 19,000 working millennials across 25 countries showed that new opportunities, better work life balance, a clear career path and recognition from managers and peers are more highly regarded by millennials than money.
  3. To unlock innovation
    Non-diverse teams often share too close a common culture or mindset, so can tend to approach problems from a similar angle and not considering things ‘outside the box’. Diverse teams can approach a problem from different angles, and 85% of businesses believe that diversity plays a big part in the most innovative or unexpected ideas.  It’s these differences in work ethic and world view between millennials and Gen Z, for example, that can truly help businesses; millennials are multi-taskers and have been described as educated, positive about tech, people-orientated, environmentally conscious, and progressive; while Gen Z is ambitious, tech savvy and entrepreneurial. Inclusive leaders can leverage this diversity to be more innovative.
  4. To outperform the competition
    Recent research has shown that companies with inclusive practices in hiring, promotion, development, leadership, and team management generate up to 30% higher revenue per employee and greater profitability than their competitors. Diverse teams with inclusive leaders are 17% more likely to report that they are high performing, 20% more likely to say they make high-quality decisions, and 29% more likely to report behaving collaboratively; while a 10% improvement in perceptions of inclusion increases work attendance by almost 1 day a year per employee, reducing the cost of absenteeism.
  5. Remote working and a global workforce
    Globalisation has made the world a smaller place, bringing customers and businesses together – meaning that your employees not only need to be sensitive to differences between national boundaries but also understand and work within them. Having employees that speak multiple languages helps to build international relationships, therefore increasing the chances of successfully opening foreign markets.

With today’s business leaders operating in an increasingly complex global environment, the suite of 100% online Leadership and Management MScs from the University of York could be invaluable. Designed to build practical leadership skills and knowledge while      developing a theoretical understanding of the business environment, the courses cover three key disciplines, innovation, finance, and international business. All of these help to develop the distinct skills required for effective leadership across industries, functions and roles.

The course is delivered 100% online and is designed for study at your own pace. You can choose to carry on in your existing career and fit studies around other commitments too. Six start dates a year, flexible payment options, and postgraduate government loans for those that are eligible, add to its flexibility.

Find out more and begin your application.

Eight skills for effective leadership

/in /

Bad leaders have a huge impact on businesses. According to James K Harter,  Gallup’s chief scientist for workplace management, at least 50% of people have quit because of a bad manager; while 75% of the reasons for costly voluntary turnover come down to things that managers can influence.

Fortunately, leadership capabilities can be trained and improved. Managers can ensure that they have the basic set of skills necessary for leading a group of people towards a common goal.

Here are eight skills for starters:

  1. Effective leaders know their team
    One of the things that separates an average leader from a great one is caring      about their people. The more you take care of your team, the more motivated they’ll be to take care of your products, customers and ultimately help your company achieve its mission. Take time to learn more about who your team members are, how they like to work and what their interests and talents are.
  2. Innovate and commit to a vision
    The Harvard Business Review interviewed 33 leaders in the top 99th percentile for innovation (as measured by their peers, employees and bosses) and found that innovative leaders all display excellent strategic vision. They can picture and articulate what they want to achieve, why it’s important, and how they’re going to do it.
  3. Lead by example
    While some leaders adopt the “do as I say, not as I do” philosophy, the most effective leaders lead by example, with integrity and high energy, following the same working patterns, advice and ethics that they expect from their team.
  4. Are direct
    As a leader you must work towards implementing a culture that allows people to speak their mind freely and share their thoughts without fear. By telling people what you think of their work honestly, they both feel recognised and know how to improve.
  5. Effective leaders listen to their team
    It’s important to realise that your team aren’t the only ones to benefit from honest feedback:      you can too. Seeing things from your own perspective may not be enough to really see things as they are. Talking to other people (friends, leaders, employees) broadens your horizons and gives you the necessary perspective to explore areas that need improvement.
     
  6. Give credit where credit is due
    Workplaces where leadership is lacking have toxic cultures that do not foster trust or collaboration. In a 2019 study by BambooHR, 57% of employees said that a boss taking credit for other people’s work is unacceptable. Give credit where it’s due.
  7. Serve as a mentor
    We all know from our own personal experiences with great parents, teachers, coaches and mentors that great leaders care about improving the lives of those around them. As a leader, you are a mentor to your teammates. And, just like good parenting, good mentoring requires building people up, not breaking them down out of frustration.
  8. Are digitally aware
    It’s not possible to be an innovative leader in the 21st century unless you’re also digitally savvy. A study by DDI found that digital-ready leaders (those with the skills and capability to operate effectively in a digital environment) are more likely to feel that they are “definitely engaged” at work; and twice as many digital-ready leaders feel a sense of accountability for effectively leading their people. In addition, companies that have the most digitally capable leaders financially outperform the average by 50%.

Ultimately, there is no one-size-fits-all solution to leadership; different styles suit different people. You therefore need to find the style that suits your innate personality and strengths. With today’s business leaders required to operate in an increasingly complex global environment, the 100% online Leadership and Management MScs from the University of York are designed to build your practical knowledge while developing your theoretical understanding of the business landscape.

Covering three key business disciplines, innovation, finance, and international business, they      can help you develop the distinct skills required for effective leadership across a huge range of industries, functions and roles. You will also benefit from the ethical, socially responsible and international themes that underpin all programme content.

The 100% online curriculum is designed to enable you to study at your own pace, alongside your existing career. There are six start dates per year, flexible payment options and postgraduate government loans to cover the full programme cost, for those that are eligible.

Find out more and begin your application.

Proactive or reactive: which type of leader are you?

/in /

What enables a person to be an effective leader? Leadership has different facets and being able to identify your own leadership style as either proactive or reactive and having the ability to switch between the two can make a huge difference to your success. So, what are the different styles and which do you most identify with?

A reactive leader can handle pressure that comes their way in real time

Reactive leaders take responsibility and solve problems on their own. They also often possess ‘firefighting’ skills; the ability to think quickly, creatively and yet logically when faced with an emerging situation to prevent problems. Firefighting can be an extremely useful skill, but doesn’t lend itself to long term planning or analysis to prevent the problem from arising in the future. Rather than being prepared for future challenges, reactive leaders may miss out on opportunities because they have not anticipated change. A reactive leader and workforce is exactly what companies need to ensure that the business can survive short-term unexpected issues.

Proactive leadership styles are focused on the future

Being a proactive leader requires a different mindset and skills, figuring out what needs to be done and how to achieve it without knowing exactly what the future holds. In a business context this means building a sound knowledge of your market and competitors and learning how to anticipate change, not just waiting for it to happen.

There are many advantages to adopting a proactive leadership approach. These include more accurate and effective strategies and projections, ensuring the business is relevant to customers, improved cost and resource efficiency, aligning daily decisions with long-term objectives, and getting ahead of the competition. The downside of a proactive approach is that focusing on the future can mean you are not fully focused on the task at hand, which could have serious consequences, particularly during difficult times.

Which type of leader is best for business?

In their recent study of one million global leaders, Anderson and Adams found that most struggle to deal with the complex challenges they face. This makes development – both self-development and developing other leaders and future leaders at scale – a business imperative. In their research, they identified 18 key creative competencies which highly correlated to measures of leadership effectiveness and business performance, falling into five categories:

  1. Achieving – the ability to plan and get results
  2. Systems awareness – the capability to think systemically and design organisational systems for higher performance
  3. Authenticity – the willingness to act with integrity, speaking the truth even when it is risky
  4. Self-awareness – recognising your own strengths and weaknesses and taking ownership of your decisions
  5. Relating – the capability to build teams, collaborate with, and develop people

Reactive leaders can be considered successful in many respects, Anderson and Adams believe that the focus tends to be on ‘quick wins’; large achievements in the shortest possible time that doesn’t allow them to concentrate on other parts of their role that would give greater long term success, such as strategizing or forecast analysis.

A strong leader needs to balance reactive and proactive skillsets to be able to act in the short term, and plan for the future.

If you want to enhance your leadership style and futureproof your skill set, the 100% online Management and Leadership Masters programmes from the University of York provide the fundamental concepts, theories and practical applications of innovation, finance, and international business – vital for professional adaptability and employability across industries, functions and roles.

With all course content available online you can access it and study at any time, in any place. Six start dates throughout the year mean you can tailor the course to your own timescales. There’s also the option to pay as you learn, and you may even be entitled to a UK government-backed postgraduate loan, covering the costs of the course.

Find out more and begin your application.

Why finance must embrace the fourth industrial revolution

/in /

An explosion of new technologies such as automation, robotics, big data, machine learning, augmented and virtual reality and personalisation is changing the way businesses operate – so much so that some commentators are heralding a fourth industrial revolution. Sectors such as healthcare, retail and agriculture are storing and analysing data, to gain insights and implement better practices. It seems, however, that technology in finance has been entirely focussed on hardware and efficiency, without offering much in the way of benefits to its customers.

In fact, technology could be the very thing creating a barrier to accessible, user-friendly finance. The Financial Times estimates that 70% of stock trading is automated – JP Morgan states that less than 10% of stock decisions are taken by individuals – meaning that much of the financial world is entrusted to obscure algorithms that are incomprehensible to most financial services users, resulting in lower levels of engagement from users. This is echoed in research from Scottish Friendly, which has revealed that 53% of Brits are suffering from a chronic case of ‘investophobia’. The fact is, while technology should be making finance far more accessible, it remains a foreign industry for most people.

Lagging behind

While estate agents and travel agents once worried that their industry would shrink if the public had more access to data and information, the opposite happened. The internet’s easy access to data enabled users to make smarter decisions, and both industries expanded. Travel sites such as Kayak, Expedia and booking.com let users see all their options at once, increasing a feeling of empowerment. In the same way, the housing market benefited from sites like findaproperty.com. In contrast, financial advisors still hold the keys to many seemingly simple procedures; for example, it is still not easy for users to compare the risk, returns and fees associated with an investment.

Increased accessibility for consumers

However, things do seem to be changing. New research forecasts that by 2021, nearly 3 billion users will access retail banking services via smartphones, tablets, PCs and smartwatches. Banks will need to focus on providing a more frictionless digital experience, especially if they are to remain market leaders. Of course, it’s not just banks we’re talking about; Uber can link to your credit card so you don’t have to exchange cash with your driver; and insurance companies can use black box telematics to bill you according to your personal driving performance. The expectation and demand for accessible tools for managing money will inevitably lead to similar innovations in finance.

Why does it matter?

Creating easier access to financial tools and markets could be one of the greatest catalysts for strong, global economic growth. More importantly, technology could also lead to transparency. As the financial world becomes more opaque and complex, technology and understandable data could bridge the gap into simpler language and allows people to understand and therefore engage and become more involved.

If you want to know more about the changing financial environment and how you can build  a career within it, the online MSc Finance, Leadership and Management from the University of York can help. It provides training in financing longer-term corporate projects by developing a holistic view of the opportunities and risks present in financial markets. In addition to providing the fundamental tools and theories of finance, it places theories in the wider contexts of economics, management and organisational behaviour, and will help you develop a critical approach to problem-solving, effective communication skills, and insight into your own professional development; all vital skills for effective leadership in finance.

With the course 100% online, you can study at any time, in any place, and with six start dates throughout the year, you can start your course when it best suits you. There’s also the option to pay as you learn, and you may even be entitled to a UK government-backed postgraduate loan, covering the full cost of the course.

Find out more and begin your application.

Five steps to conducting a cyber investigation

/in /

With our lives increasingly dependent on computer networks and the internet – both potential targets of terrorist and criminal attacks – cyber security is one of society’s greatest challenges. Now, more than ever, IT professionals are tasked with determining specific cyber security needs and effectively allocating resources to address threats.

It is vital that, in any organisation, when a security incident occurs, there is a clear process that is understood and followed by those investigating and resolving the issues that it creates. There are many proposed methodologies for digital forensics, but generally they can all be condensed into the same logical steps:

What happened?

When a security alert is raised, the first thing that needs to be addressed is gathering the most essential of information:

  • What the alert was
  • When it was discovered
  • If it is still ongoing
  • What systems were affected or what impact has been seen
  • What other knock on effects it may have

 

Speaking to the team – or collecting the data logs from the reporting of the affected sector – gives you much of this information. Gathering the data is vital to understand the scale of the problem before taking any action.

Plan your next steps – and follow procedure

Information gathering is vital, as once you start attempting to fix the problem, you physically change the data and the network environment. If the scale of the issue isn’t fully understood, then an insufficient fix can actually mask the security breach without eradicating the problem. Also prioritise your efforts, saving the most stable sections until last and working on at risk or volatile areas first. Procedures should exist to follow legal guidelines, such as gathering and preserving evidence for possible prosecutions.

Evidence

Digital evidence is no different than physical evidence – once touched it can be permanently changed, or potentially leave somebody else’s ‘fingerprint’ on it. This is where documenting, dating and signing off every step is required, if only for auditing purposes. Keeping master files intact and only carry out work on copies to make sure there’s always a single reference point.

Use your data

Networked computers, particularly those across state or national borders often have different time stamps. By working logically, in time and to the actual timeline of events, you can see how things unfolded, what was affected and when, and then hypothesise and test theories. Evidence also relies on things like file names and metadata, so these are important to preserve and record.

Document your findings

The final report should be robust and all the data and conclusions water-tight, but also understandable by non-technical staff or those without IT backgrounds. These reports could also need to be reviewed and used by criminal or legal investigators, meaning that supporting appendices could be very helpful. This kind of forensic evidence and the report should meet court requirements and provide valuable evidence to the business and those affected.

In the UK, the number of digital technology jobs has grown at twice the rate of other roles. The University of York’s MSc Computer Science with Cyber Security online Masters programme is designed for working professionals and graduates who want to launch their career in this in-demand and lucrative field but may not currently have a computer science background. Graduates of this programme go on to a range of positions in software and web development, IT systems, support and programming.

Focusing on network and operating system security, risk analysis and secure software development, it will grow your expertise through specialist modules and projects, and develop your core computer science skills. The 100% online programme allows you to study around work and home commitments, at different times and locations, and has six start dates a year. There is a pay-per-module option available, and you may be eligible for a government backed postgraduate loan which covers the course cost.

Find out more and begin your application.

Encryption and its role in data security

/in /

Businesses have always relied on data but as we gather more and more information, it’s created a situation where the security of the data is just as important as the info itself.  Recent changes to UK and EU law have meant that data security is at the front of many people’s minds, particularly for confidential or sensitive data that some businesses need. The financial penalties for non-compliance also mean companies are no longer rejecting data encryption options based on cost, but are assessing them for the risk they help mitigate.

Encryption is simply the process of taking readable information using an encryption key to alter it into what appears to be gibberish. The encryption key both encodes at the sender’s machine and decodes at the recipients, and without it the message should be useless.

Why is encryption vital for all organisations?

Leaving data unencrypted on your network is an open invitation to cybercriminals, and one that could potentially bankrupt your business. But hackers can’t profit from data they can’t read. As a result, more organisations and individuals are using encryption to protect sensitive data stored on computers, servers and mobile devices like phones or tablets.

While the primary purpose of encryption is to protect the confidentiality of digital data stored on computer systems or transmitted via the internet or any other computer network, when implemented properly, it can also:

 

  1. Improve security
    While we can take measures to protect IT systems and computers with firewalls and anti-virus software, these aren’t infallible against determined cyber attackers. Encryption rounds out your security arsenal by not only protecting data whilst in transit – when it’s at its most vulnerable – but also for other types of attacks, as managing to steal encrypted data is a lot of effort for very little gain, as the data is almost useless without the encryption key.
  2. Maintain data integrity
    Encryption also helps to reduce fraud by preventing data from being adjusted by unauthorised people. Hackers may not want to steal the info, but instead alter contact details or security questions, to allow another accomplice to phone up, be able to answer security questions and then commit fraud. Encrypted data could be adjusted, but once decoded, the alterations would be apparent and highlighted for fraud.
  3. Help compliance
    A key principle of the GDPR is that you process personal data securely by means of ‘appropriate technical and organisational measures’ and – where appropriate – look to use methods such as pseudonymisation (the practice of replacing identifying data with artificial values) and encryption. It’s therefore important that an organisation’s IT, security and legal teams work together to define what data their business needs to store, where it needs to be stored and the level of encryption that’s going to be used.
  4. Protect data across devices
    Mobiles and devices such as laptops, iPads and home computers are a big part of our lives and transferring data from device to device is a risky proposition. Encryption technology can help protect stored data across all devices, even during transfer.
  5. Protect privacy and increase customer trust
    Sensitive customer details, such as bank records, credit card numbers or order histories are simply expected these days to remain secure. Customers who don’t believe their information is safe are unlikely to allow businesses to use it, preventing them from collecting payments or processing orders.  Encryption can be used to protect sensitive data, including personal information for individuals, helping to ensure anonymity and privacy, and increasing customer trust.

 

But while encryption is the most effective form of data security, on the whole it is still woefully underutilised. One reason for this may be that demand for computer science skills far outstrips the supply of qualified graduates.

The University of York’s MSc Computer Science with Cyber Security online Masters programme is designed to advance computational thinking; software development skills and develop a broad-based knowledge of computer science to equip working professionals and graduates for a range of positions in software and web development, IT systems, support and programming. The 100% online programme allows you to study around your existing work and home commitments, at different times and locations, and has six start dates a year. There is a pay-per-module option available, and students may be eligible for a government backed postgraduate loans which cover the cost of the course.

Find out more and begin your application.

What is forensic readiness and why is it so important?

/in /

Digitisation offers businesses a huge number of benefits, but at the same time can increase the risk of cyberattacks or security breaches. As well as protecting the business, forensic readiness is becoming a focus for many, as a way of collecting, protecting and analysing legally admissible evidence following security investigations, whether this is to internal processes, tribunals or even the courts. The challenge for companies is making sure the company can maximise its digital evidence without investigations costing large amounts or having an undue impact on the business.

Most companies understand why disaster recovery and business continuity plans are important, but forensic readiness is treated as a lower priority and only taken seriously after an incident – and even then, many times without process. In a recent survey, nearly half of company executives stated they don’t conduct forensic readiness tests and a third don’t understand their role in cyber response plans.

Proactivity is key

Taking a reactive approach is not advisable, principally because waiting until after the fact puts a huge time pressure on gathering evidence before it’s deleted, modified or causes a total loss. Without having a planned approach, it’s also more likely that the disruption to the business will be greater following a cyber incident, where limiting the effects of the attack take first priority. The greater length of time this goes on, the greater the risk that it could start to affect customers and clients.

Having all the plans, skills and capabilities working together to gather, preserve and analyse evidence following an attack is key to minimising impact, and should also include legal teams and PR professionals. Forensic readiness prevents wasted time in trying to figure out how to collect and preserve evidence on the fly and ensures the business gets back to normal quicker, in turn allowing IT professionals to understand why the attack happened and take steps to prevent it happening again.

There are also other significant benefits; an efficient process limits the amount of time and money used for investigations, it reduces the disruption to business as usual and also prevents the initiators of the attack having time to cover their tracks completely. Forensic readiness plans also mean companies can show due diligence or compliance with various regulations and being able to demonstrate these procedures increases the trust that your suppliers and customers have in the company, thereby potentially increasing loyalty.

Offering foresight

Forensic readiness can also help to reveal potential incidents before they become a serious problem. It allows cyber threats to be uncovered, traced and prevented.

Businesses no longer ask how they can respond to a cyber incident when it occurs. Instead they’re asking themselves ‘how often will we need to respond’ or ‘how do we withstand persistent attacks’. Having forensic readiness and providing employees with the knowledge, practice and skills they need can help organisations mitigate risk through preparedness and increase overall business resilience.

Forensic readiness requires a great understanding of cyber security, the threats involved and an in-depth knowledge of the industry and business at risk. As these attacks become more and more common, businesses are employing specialists to mitigate the risks and help them recover more quickly. Designed specifically for ambitious professionals, the University of York’s online Computer Science with Cyber Security MSc means you can earn a Masters degree in an in-demand field from a world-class Russell Group university without putting your current career on hold. You can access course material and study any time, anywhere, on a variety of mobile devices, and with six start dates a year to choose from, you can start when best suits you. There’s also the option of paying per module so that you can split the cost of tuition fees across the duration of study. You may even be entitled to a UK government-backed postgraduate loan to cover the full cost of the course.

Find out more and begin your application.

Human factors the biggest threat to cyber security

/in /

Cyber-attacks are now a daily occurrence, with a third of businesses reporting a security breach in the last year. The focus of breaches tends to be on organised crime, where the methods are becoming highly sophisticated, but one of the major threats to cyber security are a company’s own employees. In truth, a self-reported data breach is 7 times more likely to be a human error than a malicious attack.

How criminals use human error in cyber attacks

Human error attacks usually rely on phishing scams or internet/email link clicks. These kinds of scams are becoming more sophisticated and are using the forms, language and even fonts of trusted companies in order to hide the unauthorised usage.  According to the Anti-Phishing Working Group’s (APWG) Phishing Activity Trends Report, the number of phishing attacks detected in the first quarter of 2018 was up 46% from the last quarter of 2017.

Phishing and social engineering are only part of the problem for human-error based breaches. Many companies allow employees to work on their own phones, tablets and computers – the Bring Your Own Device (BYOD) model. When employees reduce or even remove the barriers between the professional and the personal by having both on the same device, something as simple as a rogue app can mean employees are only one click away from revealing sensitive business information and putting the company at risk.

A collaborative approach is vital

Companies take cyber threats very seriously, but as employees are often the weakest link in the security chain, more training and awareness is needed. Employees at all levels should understand that responsibility for security lies with them and isn’t just “something for the IT department”. Current simulations rarely represent the threat in the real world, as they tend to focus on fault or blame for security breaches and the threats themselves are constantly evolving. Instead, making simulations applicable to how employees work every day and allowing them to take control and identify threats could easily yield better results.

Create an accessible cyber security plan

Expecting all employees to become security experts and avoid every threat is unrealistic. Instead, the aim should be to help them understand how they will be targeted and crucially, that they should be free to ask for help as not all ‘reset your password’ emails will be malicious and not all emails from a bank will be genuine.

With IT department heads struggling to get their employees to respond to notifications of a vulnerability or attack and take appropriate action, teams need to find immediate ways to alert staff to potential threats. Apps such as Workplace (Facebook’s enterprise connectivity platform), that cut through the noise of emails and uninspiring intranets and enable the sharing of security awareness messages quickly, might therefore be a better solution.

Consider ways to make it easier for employees

‘Strong’ passwords, which are lengthy, complicated and full of unusual symbols have been the preferred barrier in recent years, but they may actually cause a bigger problem. In fact, research shows that users are likely to write down trickier passwords, undermining their strength. Instead, organisations should take steps like reminding people what the password structure is before they try to enter it, or letting them look it up instead of only telling them at reset. They could use approaches which let staff set complex but memorable passwords, two-factor authentication or alternatives to passwords to make authentication easier. It is also vital that everyone who needs digital services to fulfil their role can get easy access to them, so they don’t resort to sharing passwords with other people to ‘get the job done’.

What works in the isolation of the IT lab will often fail when it has to be used by real people every day. Collaboration and input when designing these policies can help employees make good decisions and can really help uptake and responsibility for security.

Do you want to make your mark on the future of cyber security? Designed specifically for ambitious professionals, the University of York’s Computer Science with Cyber Security MSc enables you to earn a Masters degree without putting your current career on hold. The course covers topics such as security risk analysis and network and operating system security as well as broader computer science topics such as software development.

It’s 100% online so you can access course material and study any time, anywhere, and on a variety of mobile devices. With six start dates a year to choose from, you can start when you choose and complete the programme within 2 years. There’s also the option of paying as you learn, and you may even be entitled to a UK government-backed postgraduate loan to cover the full cost of the course.

Find out more and begin your application.

The value of good management

/in /

There are many who take the concepts of ‘leader’ and a ‘manager’ as interchangeable. For many junior positions, these words are synonymous, with Team Leaders and Team Managers essentially performing the same function. The truth is that leadership and management are two separate disciplines, each with their own individual skillsets, aptitudes and most importantly, value to a business environment.

People prefer to be thought of as strong leaders, rather than strong managers. Leadership tends to conjure up images of inspiration, striving forward and taking your followers on a journey of improvement. Being thought of as a manager is far less romantic. However, while people may aspire to lead, they need management skills and experience to be successful.

What does a manager do that a leader doesn’t?

Management skills often relate to the technical aspects of a role. Good managers are experts in their fields, using experience built over time to give them a wide, overarching knowledge of their sector. They can control processes, resources or operations, exemplify best practice and ensure smooth running of the day to day business.

Strong management skills are business critical in many situations. Good managers are able to understand and control all of the resources at their disposal. Familiarity with systems and processes gives a wide, overarching knowledge that allows managers to control outcomes effectively.

It’s important to remember that employees are the most valuable and variable resource available to managers. While leaders aim to inspire employees to do more and grow, managers understand growth must be guided and channelled effectively.

Management isn’t a standalone skillset

Management skills may be seen by some as more technical, resource-focused and numerical, while leadership is softer, more people-focused and human, but neither discipline is entirely separate. Leaders still need the skills that managers possess to get the most out of every resource, whether it’s time, employees or operations. The most effective managers have leadership skills, just as the most effective leaders have management skills.

It is possible to ensure that you have the best of both worlds: the University of York offers 100% online MSc programmes in Leadership and Management. They provide essential skills, such as effective communication and critical approaches to problem solving, which will help you develop a range of approaches to business. As all learning materials are delivered online, you can study when it suits you best, avoiding the need to take a break in your career. You can keep your current role and salary and apply what you learn while you earn. There are also six start dates throughout the year and the ability to pay-per-module, making this an extremely flexible way to gain a prestigious Masters degree from a Russell Group university.

Learn more and begin your application.

The changing role of the IT leader

/in /

The skills and knowledge required by leaders change frequently, reflecting a huge number of different factors, from technology to people to politics. These changes have been keenly felt by IT leaders, as businesses focus more on innovation and become increasingly reliant on technology.

These shifts have seen IT leaders entirely refocus their priorities, often from primarily operational positions to being more and more strategy-led. No longer are IT departments just there to make sure websites, CRMs and email servers are working properly. Now IT is focussed on digital transformation to make sure the whole company is working in harmony. IT ensures data is secure, but accessible by those who need it, allowing the whole business the right tools for innovation and success.

Influence

Arguably IT roles – particularly the Chief Information Officer (CIO) – are more influential than ever before. Individuals in these positions are increasingly responsible for innovation and revenue generation. In order to fulfil these new expectations, they need to become more involved and more influential in the wider business, with an in-depth understanding of operations, planning and business functions in order to comprehend the impact of innovation on aspects like organisational change and strategy development.

Vision

These new responsibilities all require vision and impeccable communication skills. Technical expertise alone is no longer enough for IT leaders. They need to be able to explain new concepts and innovations to those without the technical understanding, with long term strategy and bottom line growth in mind.

Marketing teams commonly work on an outsourcing model, plugging gaps in their team’s knowledge and allowing for project flexibility. As technology keeps pushing forward at a rapid pace, CIOs are starting to embrace a similar model. By reinforcing internal teams with external suppliers, IT departments can accomplish things they may not have the expertise or time to fulfil in house.

Continual learning

With such rapid changes in technology and innovation, CIOs and those with aspirations to become IT leaders need to keep their skills constantly refreshed. Deloitte’s CIO report found that tech leaders are committed to ongoing learning – a trend that’s expected to continue over the next few years. Not only that, but the vast majority of them (96%) consider educating the business about technology issues to be one of their responsibilities.

To support continual learning, the University of York have introduced a 100% online MSc Innovation, Leadership and Management. Aimed at ambitious career climbers, it teaches the skills and knowledge required to help individuals to succeed in IT leadership and CIO roles. It covers topics such as innovation management, leading change and business operations: all important elements of the modern day IT leader role.

As all course materials are delivered online, there’s no need to take a career break, so you can study whenever it suits you. Flexibility is built in with six start dates per year and pay-per-module options, allowing you to study for a prestigious Russell Group university degree around family and work commitments.

Find out more and begin your application.