Terms come and go in the business world. “Think outside the box,” “empower,” “buy-in” and “paradigm shift” have all probably seen their heyday come and go. Sometimes these terms spill over from other types of organizations, like the term “SWAT team.” “Purpose-driven” is one of those terms. When Pastor Rick Warren of Saddleback Church in Lake Forest, California, trademarked the term, he was referring to one’s relationship with a higher power, “to be driven by God’s purposes, not our own.”
Earlier than Pastor Warren, Stephen Covey wrote in his “7 Habits” series about being “purpose centered.” Many a business modeled its practices, leadership training in particular, on his words. So what can such religion and philosophy have to do with modern cyber security? Most people didn’t even know what a smartphone was when The 7 Habits of Highly Effective People came out (since the term hadn’t been coined). And speaking of coins, Bitcoin didn’t exist. Few had probably even heard the term “malware.”
But when it comes to applying the term to cyber security monitoring, a purpose-driven plan could be said to be the one that isn’t one-size-fits-all but is instead product-driven (to throw a couple more business cliché terms into the mix). You get the idea. Here’s how to make it work.
Beyond the IT Department
The first thing to know about a purpose-driven plan is that it has to extend well beyond the IT department. That’s right, you need company-wide buy-in (cue the eye roll). Forget the ubiquitousness of the term for a minute, though, and look at where cyber security usually goes wrong:
- Phishing campaigns work about 50% of the time
- Updates fail to occur immediately, recently even causing a global-scale attack
- Most of the people with internet access have little to no familiarity with cyber security
It’s not that IT departments never make mistakes…that can happen. It’s just that cyber attacks have grown to the point that IT departments cannot be the only employees familiar with and responsible for company cyber security.
A Plan That Works
A cyber security plan that works is a purpose-driven plan: everyone, organization-wide, in agreement with and driven by the security of all internet-connected devices. Here are some ways that could be achieved:
- Train your team. Use real examples of security breaches.
- Create a monthly newsletter. Continue training by sending out information on other real examples as they occur.
- Perform cybersecurity drills and simulations. You probably do the same for fires and earthquakes; consider cybersecurity equally important.
- Have an easy reporting system. Make sure employees know where to go to report anything suspicious.
- Reward vigilance. Some sort of credit, award system or public acknowledgment for vigilance can go a long way toward continued buy-in.
- Consider extending your advisory team. Having a “cyber security council” made up of more than just the IT department, to monitor activity, suggest and implement best practices, and otherwise help prioritize security issues, may help you make and meet objectives. Examples include drafting and implementing a cybersecurity plan, a reputation management plan that includes cybersecurity issues, and even a long-range equipment age-management and maintenance program, all created by your Cyber Security Council.
Enlist the Experts
Unless you’ve managed to be the rare company to remain completely analog and yet grow and succeed, you are part of the digital world. Getting started with a cyber security company can help you get smart about how you proceed. An effective plan is an evolution, not a revolution. So create a purpose-driven plan, with components prioritized to your organization, to succeed.