Cyber Security is about maximizing authorized access to your systems and data and minimizing unauthorized access.

Everyone talks about the latter, but few people seem to focus on the former. Maximizing authorized access means keeping your systems up and running.

Minimizing unauthorized access means keeping your systems and data safe from evil doers and unintentional exposure.

Collectively, we call all your systems and data your “platform” and we examine the inputs, the outputs and the access methods.

Part of Cyber Security is protecting your platform, from both disaster (vulnerabilities and errors) and threats (bad actions by bad actors). (This part of Cyber Security is called Cyber Defense.)

Your systems and data are managed somehow. There are rules about who can access them and recipes for taking care o them. Together these are your procedures.

Usually, there are backup procedures for servers and access procedures for desktops. There are limits to where the network reaches and what is on which subnet. When you add or remove a part of your platform, there are usually procedures to be followed.

Part of Cyber Security is making sure that you have formal procedures, that those procedures are up-to-date, and that those procedures are actually followed.

Creating a paper trail to prove compliance is a large part of being able to face an audit.

This part of Cyber Security is where the Risk Management happens.

Cyber Security policies are only useful if people follow those procedures. Like the laundry, Cyber Security is a never-ending quest, so your people have to follow the procedures all the time. Forever.

Few people are naturally inclined to follow procedures closely and all the time. In order to approach this ideal, people generally need help. They need reminders and accountability.

This means making following procedures part of their job. And their job description. And their performance reviews. Simply saying “henceforth this is your problem” is not enough.

This is why we have behavioral scientists on our teams. Adherence doesn’t come easily to most people, but it also isn’t impossible. Set your people up for success and your Cyber Security will thank you.