James is an experienced and versatile business professional who has worked across multiple sectors. He provides complementary skills to executive teams, advising across a range of disciplines including IT strategy, business continuity planning and IT project management.
James is an accredited Cyber Essentials consultant
Should I be concerned about cyber security and where can I start?
The threat of cyber crime is a very real one. However, there is a big difference between being sufficiently concerned that you take action and being so terrified that you behave irrationally or do nothing at all.
The problem with fear is that it sometimes drives the wrong behaviour. Faced with a predator, our instinct can be flight rather than fight. Cyber crime is not a challenge from which to run away or bury our heads in the sand and hope the aggressor picks on someone else.
Empower your staff
A culture of fear can also cause people to conceal rather than reveal risks. This is counterproductive in the battle to protect your organisation against cyber crime. Your staff are both the weakest link but also the first line of defence. Empower them by training them in cyber awareness. Create a no-blame culture. Any individual, even you, can be the victim of a cyber attack. Everyone gets tired and makes mistakes; don’t shoot the unlucky person who falls for a scam. Be pragmatic and when you have recovered from the issue ensure positive lessons are learned and shared throughout the company.
Some basic steps can help you sleep at night
Finally, make the language accessible. Behind every cyber attack is a person. The tools being used might be modern and technical, but the aim is centuries old – people trying to steal from other people. If your staff understand the criminal’s ambitions and their main tricks, they have a better chance of understanding how to protect themselves and their colleagues. Bring it to life by showing how employees can use your advice to protect themselves in their personal online lives, not just their work lives. Far from this being a complicated, faceless crime beyond comprehension for non-IT professionals, it is something they really can understand and influence.
Fighting cyber crime requires a strategy, but technical tools are only half the battle. Preparing your people well is the other piece of the jigsaw. Even doing some basic things can make a big difference – quickly and cost effectively. The threat is real, but it need not keep you awake at night.