Cybersecurity. You're fine until you're not.
And what I'm working on now
I read a while back that if you find something that ‘sizzles your bacon’ you’ve found your dream job. In all my time doing GDPR the thing that fired me up was the cybersecurity element. Seeing the areas businesses were vulnerable, and offering up simple solutions.
Twitter is my classroom - the cybersecurity and infosec (information security) community hang out there. They share, they inform and they discuss all things cybersecurity. From the big juicy hacks to the very technical, it's a treasure trove of insights….if you love cybersecurity!
I started sharing these stories and these hacks. I soon found this engaged people. Understanding the underlying 'why' is an effective way of getting them to change behaviours. Every security professional will bang on about the benefits of password managers. Often to little effect. Explain to people what credential stuffing* and they're downloading a password manager then and there. My most successful post has been Help, My Zoom was hacked. Spoiler alert - zoom accounts weren’t hacked, it was all down to reusing the same password. Cybercriminal were logging in to Zoom accounts en masse using password and username combos they’d bought on line.
Cybercrime is becoming more sophisticated. We’re hearing about more bank scams, more invoice fraud, and more ransomware. If large organisations like Twitter and Garmin and Travelex are in the frame, the only certainty is that no-one is invincible.
How does that transfer to the SME and the microbusiness? They are as likely to be victims of cybercrime. The stats tells us that 43% of cybercrime is aimed at small business. The stark difference; a small business is more than likely to go out of business within 6 months of falling victim to cybercrime. Many cyber attacks are aiming for long hanging fruit—the easy targets. Its a numbers game as they unleash automated attacks. They look systems or apps that's not updated. It's inevitable the small business will get caught in the net.
Our brains are hardwired for optimism.
It’s human nature to think we’re invincible. This optimism bias causes us to believe that we are luckier and less likely to experience negative events than the average person. Secondly, we’re busy. We all mean to get around to looking at our security, promising ourselves we’ll do that update, install that system, run that scan. But it doesn’t happen. Then much like toothache, the blue screen of death or the car that breaks down - once it’s not longer working or crashes or breaks - we wish we had done that thing. Cybersecurity is the same. You’re fine until you’re not.
All this led me to CyberPie. My solution to help the small business owner. Small business owners can feel overwhelmed with the volume of information out there. I recognise they have limited time and money, and have to wear a lot of hats. CyberPie is based on my personal principle of ‘just one thing’. If we only have one task or one idea to act upon, we’re more likely to do that one thing. Faced with a list of security recommendations versus one 5 minute task, its easy to see which one is going to more effective.
CyberPie is in production and I look forward to giving small businesses a piece of the cybersecurity pie that they so desperately need. You can add your name to the pre-launch list here.