Home truths for the board about cyber security
As an organisation, we ourselves have been dealing with the ever-growing threat of cyber criminals. As the founder, I have some very firmly held views on the actions we as an organisation must take to protect not just our own data but that of our clients. Lucky for me, the CEO and my business partner has the same very strong views on the implementation of cyber security, so it makes us a great team to ensure that we are leading the cultural change within Support Tree to be a cyber-aware organisation, as it is only by engaging the whole organisation in this journey that we will successfully commit to a protected organisation.
We have been paving the way to this cultural shift for more than 2 years. We started the commitment to this change by implementing technical solutions with little thought to our people or process and the implications that would surface. We have since, of course, moved on from this and have great insight and first-hand experience of how NOT to roll out good protection.
As a result of travelling this journey, I am writing this to all those owners and directors who have decided that it’s time to do something about protecting their most precious assets but have a fear that is stopping them from acting.
Let me share with all those out there some myths that are thrown around most boardrooms.
Myth 1: Cyber security is too complex for a board member to understand. OK, let’s think about this in a different way. Do you make financial decisions about the organisation you run? If the answer is yes, ask yourself whether you know the detail of every bill and invoice the company produces, or whether you are a whiz accountant with 20 years’ experience. The answer is no? Then how are you qualified to make critical financial decisions for the business? Of course, mitigating risk through implementing the most appropriate cyber security measures does not require that you have been trained for the last 10 years in data protection and threat analysis, to name a few. It simply requires that there is access to the right people and clarity on the degree of risk you or your organisation is willing to take. There is no need to make this complex.
Myth 2: There is nothing you can do to stop an attack. Again, if this were true, everyone would by now have been impacted. The reality is that most cyber-attacks are based on common and well-known techniques, so making small strategic changes to your security will pay handsomely in keeping your assets safe.
Myth 3: Attacks are targeted. Again, the vast majority are opportunistic attacks. The attackers leverage the under-investment of the C-suite to exploit well-known and easy-to-breach vulnerabilities. This approach requires little effort and reaps a great reward for the attackers, whilst causing no end of disruption and reputational damage to those attacked. And of course this myth is born out of itself: leaders believe attacks are targeted, so they don’t do anything to protect themselves, which in turn leaves them more vulnerable than anyone.
There are many reasons for leaders to be involved in implementing cyber security that are not initially thought through, but really it depends on how a leader defines cyber security. The question should be: is cyber security an issue for the IT team, or is it a process for managing risk? Once you have clarity on this, the right steps will be made.
We have been hosting events to help organisations start the journey to safer, better-protected systems through our directors’ forums and cyber security masterclasses. If any of the above rings true and you want to start your journey, why not contact Support Tree to arrange attending an event?