Security is everyone’s business

Credit: ID 162037013 © Chakkree Chantakad |

Whether you work for a big enterprise or small business, you have people that look after your IT and cybersecurity needs. They have it covered, that’s not your responsibility or even something you understand. Cybersecurity is that weird black magic that hackers on both sides (good and evil) do in a strange and fantastical battle for your company’s networks. It is like a game of strategy between medieval knights, with epic battles that are waged over the digital battlefields with blood and gore in the form of computer systems. Data is being captured, apps lost and no clear winner for anyone to see. One false move on either side could see the other take the upper hand. The battle can’t be won by lone knights, this is much bigger than that it will take an army of loyal foot soldiers, squires, maidens, accountants, receptionists and sales staff.

Cybersecurity is not some kind of black magic and there is no mythical battle for your computer systems by virtual knights per se. Cybersecurity is everyone’s business. Yes, I do mean everyone.  From the cleaners, to the accountants, to the temp workers that are only in twice a month. Everyone is responsible for cybersecurity. I don’t mean that you all need to go out and get your staff configuring firewalls or advance endpoint solutions or even hunting threats on the dark web

The cyberwar is real and although it is not waged over that fantasy realm it is happening as we speak in real-time, possibly even on your systems whether you are aware of it or not. Yes, that’s right a malicious actor could already have you and your company in their sights. They are in the process of waging real digital war against you and you expect opponents of sometimes almost unlimited resources to be stopped by James or Jenny, your internal security person. You’re not serious right? One or even five people can not defend against all attacks on all angles at all times 24/7 365 days a year. That’s just unrealistic and almost impossible. Should we just give up when a breach occurs? No, that’s not the answer, the size of the security team your company has at its disposal is the answer. 

Hang on didn’t I just say you only had James or Jenny to keep you secure, I did but that’s not where your security team should end. How many staff does your organisation have? 20, 50, 1000 or more? Why not deputise them all into your security team, bring everyone and I mean everyone into your army. Don’t try to scare them into submission, that doesn’t work. Empower them. Help them understand the threats in plain English or whatever language or jargon they understand best.

Look at the education process as a constant, not a one or two-time thing each year. Help your teams live and breathe security, help them to be more secure at home. Teach them best practises and also explain why they are best practices. You are possibly making their days harder; the process they have followed for 10 years you want them to do it differently. Staff will come together if they understand what is at risk, what we are all fighting for together. Give them a cause to stand up for and be a champion in their team.