Cybersecurity is a technical topic. If technology is not your primary area of expertise, it can be difficult to assess how your firm's current security measures stack up. My Tri-State Assessment Matrix can help, as it avoids the techie speak and focuses on your gut feeling about three areas - technical defences; human defences; regulatory alignment. How these areas are currently positioned gives a strong indication about how IT security is being managed in your firm.
The four phases of the W4 Methodology - Where, What, Why, What (Now) - includes four clear milestones. Each milestone proves the progress you are making as you pragmatically move from your current situation to your desired future state.
When IT is your responsibility but not your primary area of expertise, it can be difficult to figure out how to gain the IT capabilities that you want while ensuring you have the IT security that you need. My roadmap, containing 12 steps across 4 phases that I call the W4 Methodology, can help you work through the process in a pragmatic and sane way.
To reduce the risk of being the next victim of a cyber crime, you need to focus on the most common ways these criminals will try to get your money and the basic defences needed to stop them.
it turns out that Little Red Riding Hood's village had an incident response plan. I'm sure no-one in the village wanted to consider the idea of a wolf eating one of their kids. But they did consider the awful scenario. And they had a plan to recover from the incident.
What was fit-for-purpose 3 years ago may no longer be fit for purpose now. We knew this when we were 8. Now that we are responsible for the success of our organisations, why have we forgotten this?
Running a professional organisation using technology that is designed for the home is like playing golf with a shovel. From a distance, it all looks fine. But you don't need to get too close to realise things aren't going to go well when there's real competition on the course, or if the weather changes.