Why would we devote an entire month of our blog to cyber awareness here at Risk Alternatives? Because it is that important. It arises with every customer we meet.
Last month, we devoted our blog to addressing the need for startups, small businesses, and nonprofits to focus on identifying risks throughout their organizations. This month, we extend the awareness theme with an enhanced focus on cyber privacy and security. This post explains why.
1. Cyber Is Essential
If “cyber” is a shorthand for the storage, retrieval, and sharing of electronic data, then nonprofits, startups, and small businesses cannot thrive without significant cyber resources. Everyone uses smart phones, computers, email, and the Internet. Everyone creates, stores, and disseminates electronic data. If you are trying to get something done, that effort increasingly involves cyber resources.
2. Cyber Is Worrisome
At the same time, cyber creates anxiety. Advanced technology baffles most of us. Speaking for myself, anything more technologically advanced than a lighter and kindling is at least semi-magical. I can’t describe how my phone works. I cannot program computers. My 11-year-old son is dramatically more technologically savvy than his father.
Moreover, cyber resources are supposed to be a tool, rather than a subject for study. We don’t want to be in the technology business. We simply need to use technology to facilitate efforts in other domains. We don’t want to have to be experts in how these tools work. We just want them to work without exposing us to unreasonable risks.
Compounding the worry, cyber technology is advancing rapidly. Some say college computer science freshman learn concepts that are outmoded by the time they graduate. Nobody outside the multitude of niche areas within cyber can keep abreast of his or her own domain. As a result, those of us who are less technologically advanced cannot have any command of — or even awareness of — emerging issues.
3. Simple Steps Can Make a Difference
So we need to use cyber technology, but it presents risks and causes anxiety. What then should we do? Fortunately, we can take simple steps to increase our peace of mind.
Initially, accept that no approach will be perfect. Cyber breaches will occur. It’s not a matter of if, but when. Someone in your organization will leave a laptop unattended. An employee will leave under circumstances that put data at risk. Someone will attempt to hack or intercept or misuse your data. This is not pessimism, but rather a common sense assessment based on the facts above. We are using tools that we don’t understand. They contain information that is valuable to potential wrongdoers. The tools are advancing so rapidly that we cannot keep abreast of our possible exposures. Mistakes will be made.
If cyber exposures are inevitable, however, we must cope with this reality. We can’t hope for perfection, but we can act reasonably in the face of potential threats. We owe our customers the duty of caring for their data as we would want our data taken care of. We owe our organizations a duty to protect them from reasonably foreseeable threats to their operations and viability.
So what’s reasonable? It’s not reasonable to ignore manifest threats. This cannot be our risk management spirit animal. It’s also not reasonable, however, to devote so much of our attention and resources to cyber issues that we cannot perform our primary obligations effectively. This month, therefore, our blog will be emphasizing reasonable steps we can take that can put us within the mainstream of care. We will be highlighting resources that can help us take a cost-effective approach to cyber awareness. We will also be identifying cautionary tales of organizations that have failed to face these issues competently.
As we approach our discussion of cyber issues, here are some questions for you and your organization to consider:
- Since you are probably not an expert in cyber issues, have you asked a professional to assess your organization’s cyber strengths and vulnerabilities?
- Since you may be judged relative to others in your community or industry, what steps do your peers and competitors take to protect electronic data?
- Is cyber risk awareness a part of your staff and leadership discussion?