Cyber Security Anxiety: Mystery And Myths

This blog post is aimed at people working in organizations either too small or too new to have much of a Cyber Security program. you know who you are: you have the sneaking suspicious that you are out on some thin ice, but you don't know what do next.

There is no shame in not being a Cyber Security expert. Most people are not. Nearly all people are not. But if you are part of the management team of a company, you rarely have the luxury of simply ignoring Cyber Security altogether.

After all, every management team member has, at one time or another, had to manage people engaged in work that the manager does not really understand. In fact, staying current with the lower level details of work can be a real weakness in a manager.

That said, there is no excuse for burying your head in the sand when it comes to Cyber Security. It may be a mystery to you, but many people cannot explain how GPS works and yet somehow manage to use systems based on it.

If you have decided that you can avoid knowing anything about Cyber Security because you don't talk about it, or pay attention to it, or engage other people about it, you are likely not doing a part of your job. Specifically, if you comfort yourself with any of the following myths, you should reconsider:

1. I'm too small to be worth hacking
2. I don't have anything any hacker wants
3. I don't see a problem, so there isn't a problem
4. Cyber Security is IT's problem and has nothing to do with me

There are many write-ups on the web about Cyber Security myths; this blog post is not going to be yet another.  Instead, this blog post is an attempt to calm your Cyber Security anxiety with some practical advice, to answer the question "what does Cyber Security have to do with me?"

If you were going to pay attention to Cyber Security, after having ignored it up until now, the first thing to do is ask about what you can do to support whatever is being done in the way of Cyber Security. Human behavior is a big part of what makes or breaks Cyber Security, including behavior of people far removed from IT; offer to help and see what happens.

For extra credit, think about what computer systems and data are vital to supporting whatever you and ask about what is being done to protect "uptime" (the amount of time these systems are available to you) and what you can do to support data protection (backup and restore) or system security (cyber defense). You might be surprised at the answers, if you ask sincerely and your IT folks aren't hopelessly defensive after years of hostile neglect.

Offer to be part of the solution, to define risks and write policies and support procedures. If you don't have a formal Cyber Security program, someone is almost certainly doing something and likely not getting enough credit or support. 

You do not have to be an expert in Cyber Defense to support Cyber Security, but you do have to support the efforts of whoever is doing whatever they are doing.