Why most common advice about cyber security doesn’t work
A lot of the advice freely available on cyber security is, in isolation, good advice. Even software companies with an obvious agenda to sell you their product for the most part make a good business case for why you would need it and why it makes a meaningful positive impact on your business. On top of this, the measures put in place by the likes of Apple and Microsoft, who produce operating systems, show they are taking cyber security more seriously.
So why, with all of this, is there still an abundance of cyber security threats to your business?
The short answer is because of two factors:
1. No single security measure on its own will ever be sufficient. Threats change daily.
2. Your cyber security measures will always be vulnerable to human error and you can’t buy an off-the-shelf fix for that. Ongoing management is essential!
For point 1, let’s look at a scenario where you purchase antivirus software for your company. If you choose wisely, this will do a great job. It will most likely scan incoming email, make sure it’s clean and periodically scan your systems for anything that doesn’t look right. It will also provide you with the tools to remove anything that could cause you harm. All in all, a very useful tool to have, but not enough on its own. For example, what it can’t do is protect you from a member of staff having an easy-to-guess password. Or, to put it another way, the front door to your house has the best locks on the market and is shut tight, but you’ve left your back door open. Which brings us on to point 2.
Human error is the hardest element to control when protecting your business. You need to be as safe as reasonably possible, but it can’t be at the expense of your team being able to do their jobs properly. Put too many poorly thought-out safeguards in place and your staff will quickly become frustrated and demotivated. Whilst software does allow you to customise the restrictions on staff access, all too often it’s left on an ineffective default to make life easy for all, including cyber criminals.
There are more examples of why there’s no single fix for protecting your business against cyber crime, and of the effect of people in the equation, but the above is as far as we need to go to set the scene as to why there’s no single fix.
So what exactly can you do to protect your business? We’ll cover that in the next part of this series.