Tech Advisors - Konrad Martin Edition 3 - October 2022 | Page 3

Letter from the Editor

Compliance Is A Team Sport

In this issue of Today’s Cybersecurity, former pro athlete Emmitt Smith talks about 12 key things that make you a champion on and off the field. A few months ago, I had the pleasure of hearing Emmitt speak about his career and what he’d learned. His story resonated with me. After Emmitt had moved up the ranks in college football, his coach finally let him sit for a press interview. During the interview, Emmitt continuously used the word “I.” “I ran the ball for so many yards.” “I scored the touchdowns.” I. I. I.
He’d let his ego get the better of him. At the very next practice, his coach said, “Today, it’s all about you.” He stacked extra players along the defensive line (a common practice). Emmitt stood behind the offensive line. When the whistle blew, the entire offensive team, except for Emmitt, lay down. He took his lumps that day. But he also took that lesson to heart for the rest of his career.
Like team sports, cybersecurity compliance requires a team, from the janitor to the CEO, to invest in the outcome. One weak link (like an arrogant manager who thinks they know everything) can take the whole company down. With cybersecurity, there will always be a criminal who is smarter than you and better resourced. They know how to get around your firewalls and trick your employees into clicking harmful links. The team needs to understand the risk as well as the policies in place to prevent attacks.
Inspired by Emmitt’s article in this issue, here are my 12 Principles of Compliance.
1. Commit. Like anything in life, success starts with commitment, and everyone in your organization must commit to compliance.
2. Appoint. You are required to appoint at least one person to be responsible for compliance and to name that person in your Written Information Security Program (WISP). Make it the right person.
3. Budget. Training, tools, implementation, policies, and research all go into compliance. You need to invest resources in compliance now or you will pay a much steeper price later.
4. Policies. Your WISP is the basis of almost all regulatory requirements. Other policies, such as acceptable use, mobile devices, and work from home, also need to be implemented. Each state has its own requirements as well.
5. Employee sign-off. Employees must read and sign off on every policy you implement. Without a signed acknowledgment, you can’t enforce those policies.
6. Enforce policies. Don’t have policies you don’t enforce. If you aren’t enforcing policies, your Attorney General’s office will conclude, correctly, that you don’t take them seriously.
7. Update policies. Every year (at minimum; we do it quarterly) you should review and update your policies and have employees sign off on new or changed ones.
8. Train your team. To protect your organization from cybercrime, loss of personally identifiable information (PII), and the like, you must train and prepare your employees to be alert for the tricks and hacks they will encounter.
9. Include simulated phishing in your training. Criminals are constantly changing their tactics. Employees need to be trained on what to expect and on how cyber “lures” are changing.
10. Stay relevant. Share articles and short videos about the latest hacks and cybercrimes to keep employees’ training current.
11. Dark web scanning. Monitoring the dark web for your company’s leaked credentials lets you reset exposed passwords before criminals reuse them to break in. If you aren’t taking steps toward prevention, your insurance provider may not issue you a policy.
12. Meet regularly. Hold regular meetings with your compliance officer or group to brief and educate other managers on what is required of staff and what is changing.
If you are missing any of these 12 core principles from your compliance strategy, give me a call so I can help you bridge those gaps and keep your offense, defense, and entire operation running smoothly.
Sincerely,
Konrad Martin
Co-Founder and President, Tech Advisors
WWW.TECH-ADV.COM | 3