Hard Truths About Driving a Security Mindset

Working in cybersecurity as a consultant can be eye-opening. We regularly see clients who, despite knowing they need cybersecurity, come to us with little or no real security controls in place. Our job is to quickly assess where they are most vulnerable and recommend solutions and then implement a plan to bring them up to speed. 

The process isn’t always straightforward or easy for the company’s employees. They are used to their routines and, frankly, are extremely busy, so it’s tough to get them to adopt the needed changes in technology and in their security mindset. The following are hard truths we’ve seen and come to understand while watching and guiding numerous organizations as they get it right.

Change is Painful (But the Alternative is Costly)

If you’re holding on to the security status quo, it’s going to cost you. We see companies that are so busy growing that they put off cybersecurity. The result is costly reworks and policies that could have been much more easily (and more cheaply!) handled if addressed earlier when the company was still relatively small.

Culture Matters

Culture matters. These unwritten rules and norms can define you and provide a competitive edge. Culture can also be a catalyst, driving your people to work harder or be more creative. And it goes without saying that a dysfunctional culture can hamper or even sink an organization. Pay attention to how you ingrain policies and rules around cybersecurity: they can be seen as a hassle or simply become another norm.

Employees Are Your Greatest Asset

A well-educated workforce can push your cybersecurity program to the stars. Bad actors target the vulnerable, including those companies that think they are too small to be attacked. Make sure your employees know they are the first line of defense. Give them the skills they need with training and testing (phishing email simulations, hacking exercises and practicing a breach), so they slow down, trust their gut and verify.

Ignorance is Bliss (Until it Isn’t)

Without foundational cybersecurity knowledge in-house, you may not recognize risk or be aware of cybersecurity requirements. We had a client who didn’t realize that they had access to controlled unclassified information (CUI). Get smart by asking for a free assessment and estimate (or several) from a cybersecurity partner (or partners). It can help you understand your security stance and identify areas where you need to improve.

Cybersecurity is a Cat and Mouse Game

Threat tactics change fast. Bad actors work hard to get to your data. Once they have an attack that works, it’s payday. Be cautious of any security solution that you “set and forget.” A strong cybersecurity program requires management and constant monitoring.

There’s no Need to Reinvent the Wheel

Although every company is unique, the fix for cybersecurity problems often comes down to the basics: best practices and proven models. An experienced partner with a strong network and technical skills can steer you toward the right tools and proper configurations.

Learning from the experience of others can make your cybersecurity growth path a smoother journey. One last truth: Finding a good partner to provide the subject matter expertise for plans and implementation can help your business grow while also strengthening security.

Derek Kernus

Derek Kernus, Director of Cybersecurity Operations, leads a team of cybersecurity professionals focused on helping federal contractors and other businesses build or remediate their information management programs to meet cybersecurity compliance requirements. In his role, he seeks to identify emerging technologies that enhance his clients’ cybersecurity posture, to improve DTS’ use of technology solutions, and to own the company’s compliance requirements. His insights benefit clients needing process improvement, technology transformation, and fractional CIO support. Mr. Kernus has a strong background in IT and cybersecurity as well as government compliance. He has led projects involving various information security compliance requirements and the evaluation of custom applications for a federal ATO, and he helped a state create the first framework to evaluate the security of electronic voting applications and the vendors’ development platforms. He and his team also evaluated the responses to the state’s RFP for an electronic voting platform for the 2022 mid-term elections. He holds a Master of Business Administration from William and Mary’s School of Business, and Certified Information Systems Security Professional (CISSP) and Certified Cloud Security Professional (CCSP) certifications from ISC2.