Jeremy Tucci
Financial Services
March 2020
4 Min Read

Cybersecurity 101: Foundation

Cybersecurity has become a household term yet remains mysterious in its meaning. Most initial reactions stem from movies and television, some hooded hackers with complex jargon dancing across screens. Maybe some have read about breaches happening all over the world performed by nation-states or groups with comical names. The reality is that cybersecurity is applicable from global enterprises down to homes and vehicles and everything in between. If you’re a business owner, there is no reason questions around cybersecurity shouldn’t be asked.

Every business is different. Do not be fooled by scare tactics and media sensationalism. Security has a place in every business. It just needs to be vetted, adapted, and applied according to what is important to the business. Security firms tend to lead with technology first and get bogged down by complexities and misunderstandings. The business gets overwhelmed and the effectiveness is minimized or worse nonexistent. It is important to understand cybersecurity is comprised of three core components. These will drive the success of the program.

People (Workers): This is the first and last stop for any cybersecurity program. Your workers on the ground hammering nails and project managers setting expectations. Forget all the fancy hardware, software, and systems. It is likely there is a person or team either internally or outsourced who are driving a cyber program. Management must also be considered from a buy-in perspective and funding. The general employee base culture is critical and obtaining feedback ensures a deeper connection to the cause.

Process (Blueprints): Documentation is a fantastic thing. When it comes to cyber programs, there can be an inundation of documents that need to be created, reviewed, and implemented. Often, this is where the business is not considered, and all hope can be lost. Drowning in a sea of documents and processes that do not apply to what really matters is serving no purpose. The most successful architect will focus on understanding risks, information, and workflows specific to the business. Only then will the processes that should be implemented make sense.

Technology (Materials): Sourcing the right components happens only after the blueprints are drawn. It might seem odd the last piece to discuss in a cybersecurity program is the actual technology. When programs start from here, it can result in unnecessary spend on hardware, software, and services that do not actually provide value. Once something doesn’t have a value it becomes shelf ware, unused collecting dust. It’s not until discussions with key personnel happen and proper plans are drawn up, can you see the problems that need to be solved and begin to source the tools necessary for resolution.

No single program and business are cut and dry. Each is unique and must be treated as such. It is almost a personal nature. There will even be change orders throughout the process as needs change or unforeseen challenges arise. Remaining flexible and coming back to the three core components will always deliver a successful program.