If someone were to ring your main switchboard right now and ask to speak to the person responsible for cyber-security, who would they be put through to?
It’s one of those simple-sounding questions which can get everyone pointing their fingers at far corners of the office. The further the better.
Most often it’s the IT people (either internal or external) who’ll end up taking such a call. But they might not consider it their problem. Instead they might point to HR, believing it to be more of a staff discipline/training problem.
Sometimes there’s an outside consultancy or a department hired to look out for online attacks or their potential, and to do whatever’s necessary to put defences in place. But do they really “own” what the company should be doing about this crucial area? (Come on, the caller’s still waiting!)
After all, there may be nothing more vital for a company’s very survival than keeping hackers out. A loss of IPR (industrial espionage or theft), a data breach involving a customer or staff database (which overnight could destroy trust the organisation has worked so hard to build up), the potential for crippling (or terminal!) GDPR fines, the shame of becoming yet another headline… the list goes on and on.
So, who’ll pick up the phone?
Should directors, senior executives and business owners perhaps step up to the plate and acquire at least a good working knowledge of the cyber risks facing their organisations, so that they can own the issue and make the best possible decisions?
Things like the Government's well-intentioned and good-up-to-a-point "Cyber Essentials" course, or various ISO standards, may be constantly bandied about at board level as something which will magically protect the organisation from this point on. But in reality, however good a single box-ticking exercise may be, nothing can ever replace senior executives knowing the basics and being able to formulate and maintain their companies’ own cyber defence policies.
In case it helps to move any or all of this forward, we’ve put together a four-module course - Cyber Cornerstones - designed to bring those at the top up to speed, giving them a working knowledge of the basics. If you’re interested in attending a free 60-minute introductory seminar, let me know.
Participants will take away a White Paper summarising what has been covered in each section, and they’ll be given a template and instructions for using it, to help create their own cyber-security policy. More details at: https://www.shayype.com/training-courses