“Culture and control eats cybersecurity for breakfast” - By Eoin Lyons
I first came across Peter Drucker in 2010 when studying for an MBA. I bought into his practical and philosophical approach to business and have used and re-used his balanced scorecard at every opportunity since then. I often think of his quote “culture eats strategy for breakfast”.
The recent well-documented ransomware attacks have emphasised that, without a culture of protecting data, the most sophisticated cybersecurity in the world cannot fully protect us from these vulnerabilities. Our IT security providers may only be hours behind those who create the chaos, but that is enough time to exploit individual complacency when reading emails or browsing the web.
This week OPAL has been re-certified ISO 27001 compliant for the 7th consecutive year. Our auditor put us up with the best he had seen in the last number of years and referred to us as a top 5 firm for this standard. I can take no credit for that, as the OPAL I joined 15 months ago had and has data security in its DNA.
International rugby player Gordon D’Arcy talked about doing the hard work when nobody is watching. Good practice is naturally adhering every day to well-crafted policies and procedures as opposed to scrambling to collate evidence for an occasional audit.
What might occasionally seem painful or onerous when implementing solutions becomes worthwhile and powerful when our clients stress the importance of minimising the risk to their customers and ultimately their business.
No human system is perfect. There is always an element of risk in what we do. What delivers the best outcomes for customers and their data is when good controls meet an honest culture of protecting our customers’ and clients’ data as if it is our own.
Or, in other words, “culture and control eats cybersecurity for breakfast.”