When a company’s computers are hacked, management’s first impulses often are to invest in better software, better virus protection packages, better computers, or even entire networks.
But they may be putting the emphasis in the wrong place.
The problem’s root cause is usually not the technology, but people. Organizations that take a simplistic approach, assuming computer hacks are an IT department’s problem are headed for trouble. Cybersecurity is everyone’s job.
For lasting results, firms need to harness the power of solution-design techniques to develop cybersecurity systems and protocols, based on the I.D.E.A.S. framework:
• Identify: Get to the root cause of the problem. Step back, take a breath, and assess the situation, so that you will ensure you are treating not just the symptoms.
• Design To avoid security breaches, take time to determine the options that can be used to address all the problems related to these issues.
• Engage. Confirm that everybody who is impacted by a new cybersecurity program or effort is on board with the changes before they are implemented.
• Act. Implement mandatory training for all employees to explain the common ways that hackers enter the system, including how phishing works.
• Sustain. Design metrics to keep cybersecurity policies in place and implement an easily accessible system for employees to identify and report incidents.
The company that truly engages all of its employees, suppliers, vendors and other stakeholders to be knowledgeable and aware of basic cybersecurity protocols will have a much better chance of countering criminals.
J. Eduardo Campos and Erica W. Campos are co-authors of “From Problem Solving to Solution Design: Turning Ideas into Actions.” They are co-founders of the consulting firm, Embedded Knowledge Inc. (www.embedded-knowledge.com), which works with organizations and entrepreneurs to develop customized business strategies and to form partnerships focused on designing creative solutions to complex problems.