Business owners frequently ask me, “What’s my biggest risk when it comes to cyber security?” But I know what they are really asking is, “What is the one thing I could go tell my IT department to do that would mitigate 80% of my cyber security risk?”
Sadly, it’s not that simple.
The devil is in the details, and when it comes to cyber security there are lots of details. Risk comes from the mountain of small things that often get missed or neglected, not because IT folks are irresponsible or uneducated, but because most organizations run IT resources too thin. Most IT departments I encounter are not ashamed to admit that they don’t or can’t do all they wish they could to secure their employers.
All IT teams need to be given the opportunity to raise their hands and advocate for the help they need. It takes a team to secure even relatively small organizations because there are too many facets and too many tools for one person to master.
So, to answer those business owners who ask about their biggest risk, I tell them, “Your biggest risk is that your IT staff are worried about cyber security but don’t feel comfortable voicing their need for help.” The good news is that this problem is quite solvable! It just requires that business leaders create an opportunity for honest conversation with their IT staff — where they can speak openly about the gaps in the organization’s security posture and talk about practical ways those gaps can be filled. We facilitate these conversations between Management and IT staff on a regular basis, so feel free to reach out.