Cybersecurity’s Unanticipated Benefits
Longtime readers of this newsletter may assume that the only professionals I ever call to my house for assistance are plumbers. That’s understandable; I’ve written before about my plumbing challenges here and here.
But it’s not just plumbers I bring in. When it comes to electricity, I know better than to take my chances – I hire a professional.
Such was the case last month when I decided to up my Wi-Fi game and transition our house from a consumer setup to something more along the lines of what a small business might run in its office. I had a few reasons: I wanted more control over security; I wanted to segment the network for different people and purposes; I wanted to discourage (okay, prevent) my kids from going certain places and doing certain things.
So I called Jeff, our friendly electrician, and asked him to come over and pull some Ethernet cables around the house – behind the walls and out of sight. He did a great job and, as long as Jeff was already there, I asked him to do a few other things…
He added three new outlets in our bedroom (including a USB outlet), making it easier to keep our various devices charged.
He ran a wire behind the wall where our basement television lives and connected it to the Roku.
He added an outlet in the basement behind our dehumidifier, eliminating the extension cord and associated tripping hazard that had been there since we moved in.
Each of these additional, unplanned things brought with them benefits, whether in the form of added convenience, improved appearance, or safety. And yet, none of these improvements were big enough, in and of themselves, to have warranted bringing in an electrician.
The fact is, were it not for my need to have some Ethernet cables pulled, I would never have realized any of these other things.
When You Improve Your Security, Other Things Improve Too
When it comes to security enhancements, most people expect a corresponding loss in convenience. Multifactor Authentication (MFA), unique and complicated passwords, door entry badges … these things and others like them may elevate security (they do), but they add a degree of overhead as a result.
But, as with my visit from Jeff the electrician, there are benefits, many of which are likewise unanticipated. Some examples…
Internal audits. These may uncover users in the system who should no longer be there, whether past employees, contractors, or something else. Not only does removing these accounts prevent past users from gaining access, but eliminating users can also result in reduced license fees.
Code reviews. In addition to their primary purpose of identifying security vulnerabilities, code reviews often lead to fixes for functional problems, such as a web form that is difficult or unintuitive for legitimate users to complete.
Vendor reviews. When reviewing vendor performance, you may find they are doing an excellent job at security. But you may also realize that you have two vendors providing overlapping services to different departments and would benefit by consolidating functions and letting one go. What begins as a cybersecurity project turns into a cost-saving and streamlining exercise.
Cybersecurity Touches Everything
One of the often overlooked and underappreciated benefits of a cybersecurity focus within an organization is that because cybersecurity is by nature an “in the weeds” discipline, attention paid in this area invariably uncovers other, unrelated benefits.
And while many of these benefits may be small on an individual basis and generally unexpected, they add up to across-the-board improvements and enhancements to your business.
(Side note to Jeff the electrician: I forgot to ask you to install a dimmer in the basement. No worries, we’ll get it done the next time we have you over for something more significant!)
Want to get great cybersecurity content delivered to your inbox? Click here to sign up for our monthly newsletter, Tales from the Click.
This article originally appeared on the Fractional CISO blog.
Founder and CEO at minware
2 weeks ago
I think it’s still a cost center though. Sure, messing it up can interfere with revenue and efficiency, but the same is true for other “cost centers.” The test I would use is whether you can keep increasing revenue indefinitely the more money you put into it like you usually can with sales and marketing. Unless your product is a security product or targets a niche audience that’s highly security-conscious, the answer is going to be no.
vCISO, Security Practice Leader and HITRUST Assessor with Healthcare Experience at Assured SPC
2 weeks ago
Rob Black when I engage with a small or early stage firm as CISO, most of the other C levels view risk management, security and privacy as a cost center. In a sense that's true. We are not a capital expenditure. Like all other compliance groups, we are "revenue enablers" - if we don't do our job many firms may not realize revenue. If it's regulatory the firm is at financial risk and possible criminal penalties for the C level. If third-party (contractual) compliance the firm likely won't be offered or allowed to retain contracts for products or services. That meets my definition of valuable and essential to me. But I'm biased
In the digital zombie apocalypse, I keep businesses safe. (I also help them use their technology more effectively.)
2 weeks ago
I concur with everything you wrote in your post. I have one question though. When it comes to the “A phishing attack recently cost Comparable Co. $1.2M in damages," conversation . . . I haven't found a good source for specific numbers like these in the SMB space. Got any suggestions for where to look?
Cyber Security Engineer | Gen AI | AWS Solution Architect | Top Voice Cyber Security
2 weeks ago
This is a crucial perspective shift! Highlighting the revenue-driving and efficiency-boosting aspects of cybersecurity, in addition to risk mitigation, is key to gaining leadership buy-in.
PhD GRC candidate | CMMC-CCP | CySA+ | NIST 800-171r2 | GLBA Safeguard Rule Assessment | Speaker | Empower leadership to confidently execute business safely. Click to connect!!
2 weeks ago
This has a build-up to the FAIR framework....LOVE IT!!!