Fresh Thoughts #33: The Show Must Go On


After every shock or atrocity, there is a time of recoil.

A moment of - What was that?

This pause happens whether it's an event of world significance, a purely personal one, or a cybersecurity incident.

What happens next is crucial. Recoiling is OK, as long as the next step is to refocus, review, and restart forward progress.

In cybersecurity, business-level reviews don't have to be complex - there are only four questions:

  1. Do you know what you're protecting?
  2. Do you know your boundary of accountability?
  3. Do you know who has access?
  4. Do you have a backup plan?

It may be easy to breeze through these questions with a flat - Yes! Of course. But there are some depths to consider.

Do you know what you're protecting?

It covers data - safeguarding or personally identifiable information (PII), trade secrets, and commercially sensitive records.

The hardware and software assets your business owns...

If you have an automatically generated list - then this part is easy.

Do you know your boundary of accountability?

When your people and equipment were in one place, this was easy. But as every company now uses SaaS products and service providers, the question is - Where did we put our data?

The first step is gathering a list of your service providers and SaaS products.

But then also - How does the data flow through the system?

Did someone send a copy of all personal data to an insecure email account - "just in case"?

Do you know who has access?

In the ideal form, people have either everyday working access or privileged accounts that can grant access when required.

In reality, new people join a thriving company or leave for a new adventure... so integrated people processes for joiners, leavers, and changers are essential.
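One way to make the joiners/leavers/changers process checkable rather than a matter of trust is to reconcile the HR roster against an export of accounts on a schedule. The script below is an added illustration, not code from Fresh Security or from this newsletter; the roster, the account export, the group names and the role-to-group mapping are all constructed sample data, and the idea that privileged groups should follow from a person's role is an assumption made for the example. It flags three things a review should catch: accounts for people who have left, accounts with no owner in HR, and privileged group membership that the person's role does not explain.

```python
from datetime import date

# Constructed sample HR roster (assumption: HR is the source of truth for who works here).
HR_ROSTER = {
    "alice": {"status": "active", "role": "finance"},
    "bob": {"status": "left", "left_on": date(2022, 8, 31), "role": "sales"},
    "carol": {"status": "active", "role": "engineering"},
}

# Constructed sample export from an identity provider / directory.
ACCOUNTS = [
    {"user": "alice", "enabled": True, "groups": ["finance-readers"]},
    {"user": "bob", "enabled": True, "groups": ["sales", "domain-admins"]},
    {"user": "carol", "enabled": True, "groups": ["engineering", "domain-admins"]},
    {"user": "svc-backup", "enabled": True, "groups": ["backup-operators"]},
    {"user": "dave", "enabled": True, "groups": ["engineering"]},
]

# Assumed policy inputs for the example: which groups count as privileged,
# which accounts are known non-human service accounts, and which groups a role implies.
PRIVILEGED_GROUPS = {"domain-admins", "backup-operators"}
KNOWN_SERVICE_ACCOUNTS = {"svc-backup"}
ROLE_TO_GROUPS = {
    "finance": {"finance-readers"},
    "sales": {"sales"},
    "engineering": {"engineering"},
}


def reconcile(roster, accounts, privileged_groups, service_accounts, role_groups):
    """Return a list of (kind, user, detail) findings for the access review."""
    findings = []
    for acct in accounts:
        user = acct["user"]
        if user in service_accounts:
            continue  # service accounts need their own owner list; out of scope here
        person = roster.get(user)
        if person is None:
            findings.append(("orphan", user, "account has no owner in the HR roster"))
            continue
        if person["status"] == "left" and acct["enabled"]:
            findings.append(("leaver", user,
                             f"still enabled after leaving on {person['left_on']}"))
        # Groups the person's role does not explain, restricted to privileged ones.
        unexplained = set(acct["groups"]) - role_groups.get(person["role"], set())
        if unexplained & privileged_groups:
            findings.append(("privileged", user,
                             f"privileged groups not implied by role: "
                             f"{sorted(unexplained & privileged_groups)}"))
    return findings


def review():
    return reconcile(HR_ROSTER, ACCOUNTS, PRIVILEGED_GROUPS,
                     KNOWN_SERVICE_ACCOUNTS, ROLE_TO_GROUPS)


if __name__ == "__main__":
    for kind, user, detail in review():
        print(f"{kind:10} {user:12} {detail}")
```

Run against the sample data, the review reports bob as a leaver who is still enabled and also holds domain admin rights, carol as holding a privileged group her role does not imply, and dave as an account with no owner in HR. The point of the exercise is that each finding maps to a process fix (leaver offboarding, privileged access approval, account ownership), not to a one-off clean-up.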

But what about the unintended access?

Weak passwords can be guessed. Staff can be tricked into giving access to hackers via social engineering and malware.

Weak technical configurations and design flaws can grant access, like an unlocked front door.

Did you lock your front door earlier? Does it have a 5-lever lock?

Do you have a backup plan?

In an ideal world, you wouldn't need to think about this - but then reality strikes.

Does your team understand how to investigate and respond to a security incident? Do they have the tools?

They'll need an audit log - to understand the scope and scale of the situation. And a "known good" backup to recover data and reinstate processes.
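A backup only counts as "known good" if someone has checked it. The script below is an added example, not code from this newsletter or from Fresh Security; the file contents, the backup date and the seven-day freshness limit are constructed for illustration. It records a manifest of SHA-256 hashes when the backup is taken, then verifies a restored copy against that manifest and flags files that are missing, altered or unlisted, as well as a backup that is older than the chosen limit.

```python
import hashlib
from datetime import date


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def build_manifest(files: dict) -> dict:
    """Map each backed-up file name to the hash of its content at backup time."""
    return {name: sha256_hex(content) for name, content in files.items()}


def verify_backup(files: dict, manifest: dict, taken_on: date, today: date,
                  max_age_days: int = 7) -> list:
    """Return a list of problems; an empty list means the backup verified clean."""
    problems = []
    for name, expected in manifest.items():
        if name not in files:
            problems.append(f"missing: {name}")
        elif sha256_hex(files[name]) != expected:
            problems.append(f"corrupt: {name}")
    for name in files:
        if name not in manifest:
            problems.append(f"unlisted: {name}")
    age_days = (today - taken_on).days
    if age_days > max_age_days:
        problems.append(f"stale: backup is {age_days} days old")
    return problems


# Constructed sample data: the files as they were when the backup was taken.
ORIGINAL = {
    "customers.csv": b"id,name\n1,Ada\n",
    "orders.csv": b"id,total\n1,9.99\n",
}
MANIFEST = build_manifest(ORIGINAL)
TAKEN_ON = date(2022, 9, 13)  # constructed backup date

# Constructed restored copy in which one file has silently changed.
RESTORED_BAD = {
    "customers.csv": b"id,name\n1,Ada\n",
    "orders.csv": b"id,total\n1,0.00\n",
}


def check_fresh_restore():
    return verify_backup(ORIGINAL, MANIFEST, TAKEN_ON, date(2022, 9, 20))


def check_bad_restore():
    return verify_backup(RESTORED_BAD, MANIFEST, TAKEN_ON, date(2022, 9, 30))


if __name__ == "__main__":
    print("fresh restore:", check_fresh_restore() or "OK")
    print("bad restore:  ", check_bad_restore())
```

The manifest should be stored separately from the backup itself; if both live on the same failing disk, the hashes fail with the data. A restore test on a schedule, with the result recorded, is what turns "we have backups" into "we have a backup plan".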

And don't forget - technology fails. Servers, laptops, phones - just break.

But the worst culprit is spinning hard drives. They last 3-5 years, after which the mechanical bearings fail. And without functional bearings, the data cannot be read from the hard drive.

Final Thoughts

Periodic reviews are always helpful in taking the temperature of a cybersecurity programme. And defects in each area can be fixed via short-term, one-off projects.

However, embedding each task into a repeatable, business-as-usual process - one that runs as a background task - is the secret to effective and sustainable cybersecurity.

September 20, 2022
3 minute read
