By James R. Lint
Faculty Member, School of Business, American Military University
A simple test to determine if a company is interested in cybersecurity is to look at the posters in the company break room. The bulletin boards and walls in that break room tell a story about what’s important to the company.
What Cybersecurity Message Does Your Organization Send to Employees?
The break room and the boardroom are not decorated in the same manner. Typically, posters aren’t in the boardroom, so cybersecurity messages must be in the actions and messages that come from boardroom executives. An organization’s cybersecurity funding, direction and focus must echo the verbal support from the boardroom.
Cybersecurity Use Must Meet Security Objectives without Causing Economic Harm
After a cyberattack, companies often wish they had put more focus or funds into cybersecurity. Board members must do security assessment studies and carefully allocate funds for cybersecurity.
Executives and managers adding cybersecurity defenses to their companies need to weigh the economic risks against company support and cybersafety. A company can buy too many cybersecurity products and fail to make a profit and meet payroll, leading to company failure. The amount of cybersecurity product purchases must be balanced with cost effectiveness.
Purchasing products for any organization is a tough decision. Other elements also cost money, including physical security barriers, increased lighting in the parking lots and the quality of items used in the production of goods/services for company customers. It is a tough balance between security and operational functionality.
Risk-Based Program Assessments Create Balance
Security is all about risk and the amount of risk you take. A risk based assessment is a tool to determine if your organization has created the correct balance in whether it has too much or not enough security. Intelligence or knowledge of your situation, analyzed with a risk assessment can give you powerful information that gives your program the correct focus.
In small companies, leaders often protect and fund the last request that came into the office. This may be a good practice, but it is not strategically effective. Leaders and executives should view the “big picture,” keep the company functional and ensure that the organization spends money wisely.
Leaders must know which elements of the company could cause its death. In a bakery, for example, an oven may fail due to the lack of cleaning and maintenance. Consequently, no bakery products are produced and there is nothing to sell the next day. Nothing to sell means no funds to give to employees to keep them working.
It is also essential to know what can kill a company first. Prioritization is a major mission of senior leaders and managers. Prioritizing is not an easy job because those decisions impact the livelihood of employees and customers. It is all about the assessment of risk.
Cybersecurity Is Essential Element in Managers’ Balancing Act
Managers have a balancing act. Cybersecurity is one more element that managers must consider in the determining the risk of what can help or harm their organizations.
Basic security training for employees is a useful start. Employees must be trained to remember not to click on unknown or suspicious links, which could lead to a malware attack or a similar computer infection.
National Cyber Security Awareness Month reminds us that everyone in an organization has a role in cybersecurity. Whether that person is a low-level employee in the break room or a member of the company’s board of directors, knowing and following cybersecurity procedures is important in protecting an organization from a cyber attack.
About the Author
James R. Lint recently retired as the (GG-15) civilian director for intelligence and security, G2, U.S. Army Communications Electronics Command. He is an adjunct professor at AMU. Additionally, James started the Lint Center for National Security Studies, a nonprofit charity that recently awarded their 43rd scholarship for national security students and professionals. He has 38 years of experience in military intelligence within the U.S. Marine Corps, U.S. Army, contractor and civil service.
James was also elected as the 2015 national vice president for the Military Intelligence Corps Association. In 2016 he was accepted as a member of the Military Writers Guild. He has served in the DHS Office of Intelligence and Analysis and at the Department of Energy’s S&S Security Office. James had an active military career in the Marine Corps for seven years and also served 14 years in the Army. His military assignments include South Korea, Germany and Cuba in addition to numerous CONUS locations. James has authored a book published in 2013, “Leadership and Management Lessons Learned,” and a new book in 2016 “8 Eyes on Korea, A Travel Perspective of Seoul, Korea.”