Three points of focus for ALL managers
These days it is not uncommon to have one or more “past work lives”. We use that term freely when networking or simply chatting with friends. In my most recent “past work life” prior to joining OCD Tech, I was a director of operations for a group of twenty employees at a local law firm. We worked daily to meet and exceed the client’s needs, extinguishing emerging fires, while also trying to prevent new ones. It was a fantastic and chaotic experience that I loved.
Access
Part of that experience involved routine tasks that I now look back on through a different lens. Our client requirements and our own good cyber hygiene combined to increase our level of cybersecurity and knowledge. On a quarterly basis (and sometimes more often), I was required to review and approve all levels of client access and software use for each of my employees. I initially viewed this as a “busy” task that I completed when time permitted (usually the day of the deadline). As time went on, however, I began to see the importance of minimizing access for those employees who no longer worked with a specific client. Dormant software was removed from those terminals with employees who were reassigned to other projects. Ultimately, I used this review as an assist for how I managed personnel.
Disaster Recovery and Continuity Plan
Another regularly scheduled task that I helped lead was testing our Disaster Recovery and Business Continuity Plan. Prior to joining the firm, I had very little experience with these plans; however, I quickly realized how important they were. The team would “shut down” once power or internet service was removed (or any other disaster was revealed), and test how quickly we could be back online to continue service for our clients. Each test revealed different aspects of the plan to work on – laptop access, client website locations, updated login information, and current client contact lists (with phone numbers). These tabletop exercises were extremely valuable in teaching the staff the importance and testing of the written plans.
Training
As managers in non-IT businesses, taking advantage of each opportunity to discuss and demonstrate the importance of cybersecurity is an easy step towards educating your team. We often focus on the day-to-day needs of the staff, from job training to team building exercises. However, we do not spend enough time on the one item that could cause the most damage to the organization. Just one cyber attack of any kind can lead to client trust issues, loss of business, lower office morale, and public relations issues. Managers routinely discuss staff needs for ultimate success, yet how often is cybersecurity training included in that list? Any manager of any size business should push for training, specifically email and social phishing training, as these are the most common forms of exposure.
So, use your position to help protect your business, staff and reputation. Seek the necessary training and reinforce its purpose often. Perform the functions required with a sense of protection and preparation. It will be time well spent.