I am not sure if it is ‘cybersecurity’ or ‘cyber security’.
But I am pretty sure it’s an oxymoron: A figure of speech containing words that seem to contradict each other.
Why could cybersecurity be an oxymoron?
“Cyber” commonly means the internet or, more specifically, a system or network that is connected to the internet.
“Security” in this context refers to measures that are in place to protect this system or network from attack.
But there is no such thing as 100% security, especially on the internet. There will be someone out there who can get around even the most sophisticated security defences.
So, why bother with cybersecurity?
You should invest in cybersecurity in your organisation for the same reasons you have invested in a monitored alarm system and locks on your doors in your home.
You know these will not be sufficient to stop a determined and skilled criminal. But you know they may be enough to deter an opportunistic burglar.
This is about risk reduction, not risk elimination.
You can’t guarantee you won’t be a victim, but you can certainly ensure you are not a soft target.
How do you know you’re a soft target?
I don’t know you or your business but I’ll bet you are at risk if:
- You haven’t heard much lately from your IT service provider about your current cybersecurity measures, or
- When you ask them for information, you’re told “It’s grand. We installed a firewall on the computer network a few years ago.”, or
- No-one mentions the biggest weakness in your security – Your staff.
What to do if you are a soft target?
Find someone like me who can help you. Or if you want to do this alone:
1. Recognise that you need to do something and you need to do it fast.
Implementing small changes will be more successful than talking about big initiatives.
2. Focus on the assets and the processes of most value. For example:
- The process that your staff follow when paying suppliers
- The system your business uses to record confidential client information.
3. Think about how these could be compromised. For example:
- Could someone deceive your finance staff, causing them to transfer money to the fraudster’s bank account?
- Could someone gain access to the system over the internet if they knew a staff member’s password?
4. Think about steps you could take to reduce this risk of compromise. For example:
- Define a clear process that your staff and your suppliers must follow when setting up or changing payment details, which involves more than one member of your staff confirming the request has come from a known contact within the supplier firm.
- Ensure logins to important systems are not possible from the internet and/or involve more than just a password – Something commonly referred to as 2FA (Two Factor Authentication).
5. Train your staff.
- Your staff are your weakest link. It’s no different than your home – Alarm systems and locks mean nothing if the occupants just let anyone in.
- Train your staff so they are aware of how criminals deceive people just like them every single day.
6. Find someone who can continue to advise you on cybersecurity.
- You need someone who can independently assess what is appropriate for your organisation, proportionate to the risk and budget.
- If this article has taught you something you didn’t already know, it is unlikely that your current provider is the right fit for the job.
Your data, your money, and your reputation.
If you’re going to lose them, at least don’t make it easy.