The language being used can certainly prove to be a barrier for some, especially at board level.
Many boards are not familiar with the terminology, which can limit some important questions being asked.
Compare this to when a large or small corporation relocates to new offices.
Board members can often become experts on architecture, soft furnishings, sofa and desk design, and they are comfortable asking the questions – unlike when the cyber expert talks about implementing DMARC to prevent phishing, or the latest cyber attacks as a result of social engineering.
Nervousness sets in and critical business risk discussions in the boardroom become an ‘IT issue’.
Tech jargon may be good for techies who speak the language, however, it is not so beneficial for CEOs, COOs or the general public, and can lead to businesses and individuals doing nothing and taking the ‘it won’t happen to me’ approach.
Cyber sounds like science fiction
In many ways the word ‘cyber’ has helped caused some of the confusion.
It has a science fiction ring to it, when in fact it became commonplace in the 1940s as part of cybernetics, the link between engineering, humans and machines.
Go back further and it was used in a different form by the Greeks, all, of course, before the modern computer was invented.
In reality we are talking about computer networks, which are usually linked on the internet or world wide web.
It’s that simple – humans doing things through the use of linked computers, whether through traditional computers, or computers that control other machines, payment systems or anything else.
When tackling cybersecurity, businesses of all shapes and sizes need to consider the threats from within as well as those from the outside.
This isn’t as dramatic as it sounds.
Many companies hire people and provide no familiarisation with what they can and can’t do on company computers and equipment. Every new employee should have a half day where they are given a briefing on the dos and don’ts.
For example, social engineering linked to all types of social media accounts will make your business a prime target for a phishing attack; just one click on a link and your company network is infected, all because the new employee just didn’t know.
It’s not their fault, but I am certain they got an input on fire safety on the first day.
You can’t do everything; just as counter terrorism focuses on the priority threats, it is the same here.
Do you consider what your most important asset that needs protecting first is? Is it customer data, your client communication systems, power for your business process or highly valuable intellectual property? Once you know what it is then you can think about protecting it and focus on what capital outlay you can afford to do it.
Consider simple steps you can you take
Thinking about the insider threat again: do you allow employees to plug in removable media or phones to charge in the USB slot?
Or do you, like in an organisation I once worked for, superglue the slots up? Simple and crude but it works. Understanding what the risks are is crucial, and that doesn’t always require techie speak.
Your employees may not like it, but your company will be safer and so will their jobs in the long-term.
To sum it up, the wait and see approach has had its day. Recent events show that it’s not a case of if but when a cyber attack will happen, and when it comes have you done everything reasonable to stop this from happening?
Have you – considered and responded to the insider threat? And asked the techies to explain the process in simple language?
Other steps you can take include taking advice from the National Cyber Security Centre and joining a Cyber Security Information Sharing Partnership.
If you have then you are already on the cyber protection highway; if you haven’t, you could be on a muddy path littered with hidden obstacles just waiting for you to step on them.
