Tiny Changes Create a Significant Impact
There's a viral video about adding wolves back into Yellowstone national park. This single, small action significantly impacted the ecosystem - even the rivers started to change course.
On a much smaller scale, our dog recently died and our garden ecosystem hasn't been the same. For 8 years, we had abundant small birds darting about the place. But in a matter of a week, they all seem to have moved… elsewhere.
They've been replaced by cat fights - as observed at 1:03am on Saturday morning. And a fat wood pigeon has taken up an observation post at the end of the garden.
A small change can change everything.
At Fresh Security, we help our customers make small, tiny changes to the way they work.
Any change we propose must be small because our customers have businesses to run. Any idea of ripping up a company's operations and starting again is a non-starter. There are sales to close, customers to serve, and bills to pay.
The most impactful tiny change I've seen is to require each person has a unique account/login. Why? Because team members start caring a little bit more. If actions can be attributed to them personally, a little more accountability is felt. Which causes people to stop - just for a moment and think - Does this make sense? Is it worth it?
You may wonder why I didn't say requiring everyone to use 2FA… And that's because I've seen entire teams work on a single account - with 2FA - and an automatic forwarding so if "one of those pesky codes" is received… all team members can automatically receive it. No issues to see here… 😬.
Making things personal is a tiny change, but it has a significant impact. Security awareness training is number 2 on my list because it gives each person the tools to spot a cybercrime scam. So while they can be held accountable for their actions, they are also helped to make good choices.
Board Briefing Packs From the NCSC
Not everyone is well versed in cybersecurity. People are still learning.
While there are plenty of learning opportunities if you're a hardcore techie/nerd/geek 🙋♂️. And even plenty of lessons for children.
Unfortunately, board members haven't had a great set of information that explains cybersecurity and cyber risk in terms they are familiar with…
Fortunately, last week the NCSC released an update to their briefing packs that explains cybersecurity in a way boards will understand. Even better, they provide the slide decks and speakers notes so anyone can present the subject.
This is a welcome addition - and helpful to speak to a previously underserved audience.