Here is a question for all business owners and executives reading this article: How do you make sure that the goals that are set in your annual planning comes to life? How do you (and your teams) achieve your corporate goals?
Your answer is most likely because we have measured KPIs or objectives and we work together to achieve them. We reward those who over-achieve and support and follow up on those who don’t do as great.
Leaders are supposed to lead
There is your perfect recipe. You, as a leader, have set them up for success. You have shown them the way.
Now let’s deconstruct this for a moment:
- First, I will go against the main trend and tell you that no, you should not train your staff on cybersecurity. At least, not before you, as the owner, have chosen to train yourself. That you get interested in what systems and data are crucial to your company, and that you make sure you know how to recover them if there is an attack.
- This curiosity will raise eyebrows from your management team, especially once you start asking about the state of various cybersecurity components and start shifting priorities to bring those forward in the planning.
- Once your management team is on-board and understand the necessity and the value of cybersecurity, then you will want them to get trained.
At that point, and only at that point, when all your management is trained, understands and starts adding KPIs relating to cybersecurity on their dashboard, should your staff be trained.
There is no way that an entire company will transform their culture to make cybersecurity front and center, if this is not the focus of their leaders. If you tell them that cybersecurity is the most important thing, but the next day, you direct them through KPIs or objectives that their priority is sales, sales will become the real priority.
Liabilities should point the way
Here is my question to all of you who would contest this. Who will get sued if there is a data breach? Who will lose everything if the company does not survive a ransomware? You, the business owner, your investors and your board. Not the intern to who you gave the cybersecurity role. You.
Now, taking this into account, who has the most to win if attacks are stopped, prevented or if your reputation is saved because a spam launched from within your system is averted?
Once again: You.
Then why would you not invest some of your time to ensure that you understand how this is working, how you can ensure that the various dark corners of your environment are properly lit, and that you have visibility if something happens?
You should be that beacon of light, as, after all, you are the role model for your company.
Being a business leader is demanding and requires that you learn things in which you know you have no qualifications. But here is the thing: there are ways for you to understand cybersecurity through simple metaphors and logic. You do not need to master that latest platform. Most of what you need to be cybersecure is already built into Microsoft 365. What cybersecurity needs most is attention. With that, you can start leading the way to a secure environment.
