Yeah, you spotted it, the clickbait headline that made you want to read a bit further but please bear with my crude social engineering, you will see exactly what I mean as this article goes on.

First of all, cybersecurity IS a lot like deodorant, because the people who need it the most tend not to use it. It’s as simple as that.

Seriously, we can show owners of businesses and charities in Lincolnshire how they are going to be spanked by the professional, organised criminal because we can see where said businesses and organisations are exposed but most reply with “We have an IT guy who looks after that” (when, clearly they don’t otherwise there wouldn’t be an exposure) and few actually do anything about it until it is too late and suffer the expensive and inconvenient, but preventable, fallout.

You may be amazed to know that some business owners in Lincolnshire have a strategy of “going bust” if they get hit by cybercrime. How appalling is that? Never mind the supply chain fallout, but the impact on people and their families from this “strategy” is just insane.

But cybersecurity doesn’t have to be expensive because it is NOT just about IT. You can’t buy your way out of a spanking with tech. Shrek moment here – you need to be like an onion and have layers to defend you. That’s how you do cybersecurity properly. It’s called Defence in Depth.

So, thinking of that onion, right at the very heart of the onion, you’ve got that growth shoot. That’s the assets of your business or organisation. It’s your assets that a criminal wants and if they are susceptible to the criminal elements they need to be protected.

What’s going to do that protection? Well, “people” are the first line of defence. No, not firewalls or antivirus. It’s always the people that get compromised in any sort of attack so the people need to have all the right weapons in their armoury in order to fight off the attackers.

How do you give your people the right weaponry? Well, no, it still isn’t firewalls or antivirus – we’re still not at the tech level yet. This next layer to your onion of defence is procedures. Procedures tell people how to protect assets. The more procedures you’ve got that are easy to remember and follow when the stress levels are tested, the better you’re going to be.

OK, here we go – it’s that tech bit that you’ve been waiting for – your technical controls are next. These support your procedures and should be designed to enable your people to do things online safely. They aren’t there to block by default because that frustrates people and devalues your investment in tech as people try to find a way around it. Being smart with the technical controls you put in place is really important and there’s not one vendor that can do it all, no matter what marketing bumf is waved in front of you or technical mumbo jumbo is broadcast in your direction. You could even have multiple technical layers to your onion if the mood takes you.

After the technical controls, we have the physical layer of defence. Your castle walls. Your moat and drawbridge. The lock on your drawers and cupboards that doesn’t have the key hanging from it all day and all night. Your doors and windows. Your home offices. Your vehicles. Make things difficult for the wrong sort of people to access but easy for the right sort of people to access. Again, don’t limit yourself to one layer here. Be creative.

Last but by no means least, your most vital component of defence is your culture. Unfortunately, there are yoghurts out there with more culture than some businesses and that’s a disturbing place to be in 2023. If the default response to security from the top of your business is “It’ll never happen to us”, “It’s an IT problem” or “If it happens to us we’ll just go bust”, it might be time to look for a new employer because, sooner or later, jobs will be lost. The culture needs to be one of protection, of defence and of investing in security rather than viewing security as an expense. There are many business owners in Lincolnshire who can tell you the price of security but few who can communicate the value of their own. Lincolnshire needs to Be Smarter.

So there you have it. Deodorant and Onions. It’s all very cryptic, isn’t it? Well, it doesn’t have to be. Engage with a cybersecurity professional and they will show you how you can protect your castle. If you don’t want to do that then at least check out the National Cyber Security Centre’s page on Cyber Essentials as this scheme will help you put your technical controls in place. Just get a dedicated Cyber Advisor to help you rather than any IT bloke, because a Cyber Advisor has no agenda other than to ensure you’re protected and compliant. At Digital Armour, we have Cyber Advisors that can help protect your business, and help you get the appropriate level of Cyber Essentials certification. We’re also one of the longest-serving Cyber Essentials Certification Bodies in the United Kingdom. Maybe we can help?