As a leader, you are responsible not just for the growth of your team, company, association, or organization. You are also responsible for its safety. One of the most common threats to your team in the modern era is a cyber attack. A good leader is aware of the threats and knows how to deal with them swiftly.
You may have heard the term cyber security thrown around, but do you really know what it is or why it’s important? Cyber security is a broad term that includes a multitude of practices and technologies aimed at protecting hardware, software, and data from attack, damage, or unauthorized access. Let’s cover this topic in more depth as it relates to being a leader.
Cyber security is the practice of protecting systems, networks, and programs from digital attacks.
Cyber security is a complex discipline that’s constantly evolving as new threats arise and trends develop. Unlike many other industries where technology is king, cyber security’s success depends on both technology and human behavior in equal measure.
Cyber security has become a product-driven field, wherein companies outsource their cyber security in order to meet compliance requirements. Unfortunately, this focus has led to an oversimplification of what cyber security actually means. Let’s redefine it to its original meaning.
The Core Disciplines of Cyber Security
Application Security
This is the practice of securing applications and software from unauthorized access and preventing data from being modified. It also involves identifying, assessing, and remediating risks to technical systems and infrastructure.
Information Security
This field focuses on protecting information stored in physical devices – for example, laptops or smartphones – as well as in cloud-based services. Information security professionals secure information by making sure it doesn’t get lost or stolen. They also protect its confidentiality by, for example, encrypting sensitive data so that only authorized users can see it while it’s being transmitted across networks between companies or governments (or anywhere else).
Disaster recovery/business continuity planning (DR/BCP)
A business continuity plan identifies potential issues with your organization’s infrastructure before they happen, then creates a strategy for how you’ll deal with them if they do occur. For instance, a manager tasked with disaster recovery might implement measures such as making backups of critical data at regular intervals so that you don’t lose anything important if something goes wrong (like a fire destroying your office).
Network Security
Network security can be broken down into three main categories: hardware/software solutions (such as firewalls), user training (educating employees on how to stay safe online), and people management (setting up policies that enforce good behavior).
The Goal of Cyber Security
The goal of cyber security is to ensure confidentiality, integrity, authentication, and non-repudiation.
Confidentiality refers to protecting data from unauthorized access or disclosure.
Integrity refers to protecting data from destruction or alteration by unauthorized parties while in storage or in transit.
Authentication is the identification of the user or the system accessing data on a network by validating their credentials (e.g., a password).
Non-repudiation allows users who have been authenticated to prove that they performed an action within some specific period of time (e.g., posting status updates on social media).
Confidentiality, integrity, authentication, and non-repudiation are important in cyber security because they help ensure that information is protected from unauthorized access and tampering. In other words, they ensure that the data you send over the internet can’t be accessed or changed by anyone else.
These four concepts are especially important when it comes to e-commerce and money transfers, where the risk of having customers’ credit card information stolen is high if you aren’t careful. Your responsibility to your team and to your customers includes focusing on these four key concepts. Cyber security is a responsibility that every leader, and every team member, should take seriously. It’s important to know the basics of cyber security and how to keep your systems, data, and employees safe.
Here are some steps you can take to make sure your business is secure from cyber threats:
1) Make sure you’re using strong passwords. A strong password should be at least 12 characters and include letters, numbers, special characters (like !@#$%^&*()_+), and any other unique words you can think of. Avoid using the same password for multiple sites/accounts; you’ll just be asking for trouble if one account gets hacked!
2) Update your software regularly! This includes installing updates when they’re available because they often contain fixes for security vulnerabilities that hackers could use to break into your system.
3) Protect confidential information. Make sure all documents containing sensitive information are encrypted with strong encryption (AES-256 or higher). If you store data remotely (like in the cloud), use an encrypted file storage solution like Boxcryptor or SpiderOak ONE.
4) Use a VPN service if possible when connecting to public Wi-Fi networks. This will encrypt all traffic between your computer and the internet so no one except the VPN company has access to the data, not even your ISP. Overall, VPN companies are good about not sharing customer data (as that would defeat the purpose), but even so, you can create your own VPN with a little time and money.
5) Compartmentalize tasks. If you deal with very sensitive information, you may want to hedge your bets by not keeping all information on all machines. That way, if one machine gets exploited, all data is not exposed.
6) Separate work and personal devices. Keep work devices exclusively for work, since it is easier to control and monitor for threats when someone is not using a device for unknown personal purposes.
7) Run phishing tests. Phishing occurs when an employee clicks on a fraudulent link and enters sensitive information into a dummy webpage that contains a keylogger. Typically, a phishing scam will be sent via email to your employees, so it’s a good idea to set up a tester email with a fake phishing scam, to see if they would fall for a real one. If they do, it’s time to remind them about phishing and other scams and how to avoid them.
No two ways about it: cyber security is no walk in the park. It requires foresight, diligence, and consistency. Most of all, though, it requires a leader who can not only see the bigger picture, but act on it before it’s too late.
Living Pono is dedicated to communicating business management concepts with Hawaiian values. Founded by Kevin May, an established and successful leader and mentor, Living Pono is your destination to learn about how to live your life righteously and how that can have positive effects in your career.