Author: Gary Hibberd

Date: 28th December 2020

 

It’s coming to that time of year where we all start making plans for the year ahead, to make it our most successful ever.

These plans are sometimes personal, where we set goals to get a little healthier, and drop those ‘COVID Curves’, and ‘Pandemic Pounds’! Other plans are more focused on business, as we set objectives and targets for our business that we hope will lead to success.

But how do we measure success? And how can we relate this to Cybersecurity?

 

The Key to Success

Some might say there is no ‘key to success’, and that it’s many small steps leading to accomplishing your goals and objectives. I actually agree with this to some extent, but I do believe there is a ‘Key’ to success, and we’ve been looking at it all along.

The Key to success is… the DELETE key. It’s been on your keyboard all along, and we never realized it. But we can use it to improve our lives and help improve your Cybersecurity and Data Protection along the way too.

Here’s how.

 

Hit DELETE, on Negativity

To achieve any goal in life, you need to remove the negativity and start committing to what you want to achieve. Of course it all starts with ‘Why’. Before you set your goals for 2021, have you identified WHY you want to do the things you want to do? If it’s for someone else, then you’re not likely to stick with the goal. But if you understand why YOU want to achieve the goal, you will have more motivation and dedication to sustain through the tough times.

The problem is that most of us talk about our goals in a negative tone: we plan to STOP doing things or GIVE UP something. It’s not very motivating. So delete the negative talk from your language, making this a daily occurrence and a general principle. When setting your goals, don’t say:

  • I must give up eating fatty foods
  • I must stop wasting time watching TV
  • I must stop X amount of cyber incidents

Change this to;

  • I will eat healthier and more fulfilling foods
  • I will switch 1 hour of TV time to reading time
  • I will help raise awareness of the importance of Cybersecurity and Data Protection

Of course the principle of setting goals has been with us for some time and is a great idea. We’ve known for some time that these goals must also be SMART;

  • Specific
  • Measurable
  • Attainable
  • Relevant
  • Time-bound

This is something I guess many of us will have come across, and while it’s important for general goals, it’s also essential when thinking about Cybersecurity and Data Protection. In fact, the security standard ISO27001 expects you to set clear objectives, which can be evidenced. In section 6.2, ‘Information Security Objectives and planning to achieve them’, it states that:

The organisation shall establish information security objectives at relevant functions and levels. The information security objectives shall:

  1. be consistent with the information security policy;
  2. be measurable (if practicable);
  3. take into account applicable information security requirements, and results from risk assessment and risk treatment;
  4. be communicated; and
  5. be updated as appropriate

Setting goals is clearly important, but again I would urge you to delete the negativity and look for goals which focus on the positive aspects of Cybersecurity and Data Protection. It takes a little practice but can be easily achieved.

Rather than stating an objective or goal as;

  • Reduce the risk of malware infection on end-point devices
  • Ensure information is not easily stolen or misplaced
  • Ensure information is not lost through incorrect disposal practices

Why not try;

  • Improve malware protection by implementing security on end-point solutions
  • Increase awareness of the policies and procedures surrounding Data security
  • Implement improved processes surrounding the disposal of media

Remember, we naturally seek out things we enjoy, so make your goals and objectives positive, not negative: hit DELETE on negativity.

 

Hit DELETE on Data

When it comes to Data Protection specifically, the DELETE key is most useful in helping you comply with Data Protection Regulations, like the GDPR and the DPA 2018.  Make January the time of the year where you carry out a review of the Data you’re processing to ensure it’s adequate, appropriate, and proportionate. It’s time to lose a little excess baggage when it comes to Data!

The third principle of the GDPR states that personal data shall be;

“adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed.”

So it would be a good idea to review what Data you’re processing and decide if it is relevant. If it’s not… then delete it.

The fifth principle goes on to say that personal data shall be;

“Kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed;”

How much data are you controlling or processing? When was the last time you checked? Maybe now is a good time to do a little spring cleaning and hit DELETE on data that you no longer need to process. 

The sixth principle of the GDPR talks specifically about Confidentiality and Integrity, stating that personal data shall be;

“processed in a manner that ensures appropriate security of the personal data, including protection against unauthorized or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organizational measures.”

 

Hit DELETE on Users

Let us take this time of year to review who has access to your systems. Yes, we know you have a process for removing people when they leave, but are you SURE they have been removed? All too often we conduct audits of a company’s Active Directory (AD), only to find someone has ‘slipped through the net’, and they still have credentials allowing them to log in.

In addition, how sure are you that the people who have left have been removed from systems which aren’t controlled by the AD? We have seen Cloud-based payroll and accounting packages contain users who have long left the business.

So make this a time when you hit DELETE on users who have left your business.
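
The review described in this section, as an added example (not from the original article): it reconciles an HR leaver list against account exports from AD and from a system outside AD, and lists accounts that are still enabled. The CSV column names, system names and all sample rows are constructed assumptions; real exports will need their own column mapping.

```python
import csv
import io
from datetime import date

# Constructed sample data (not from the article): an HR leaver list and
# account exports from two systems, one AD-backed and one cloud payroll app.
HR_LEAVERS = """email,leave_date
a.khan@example.com,2020-06-30
j.smith@example.com,2020-11-13
m.jones@example.com,2021-02-26
"""
ACCOUNT_EXPORTS = {
    "active_directory": """email,enabled,last_login
A.Khan@example.com,false,2020-06-29
j.smith@example.com,true,2020-12-02
m.jones@example.com,true,2020-12-23
""",
    "cloud_payroll": """email,enabled,last_login
a.khan@example.com,true,2020-05-14
p.patel@example.com,true,2020-12-21
""",
}

def load(text):
    return list(csv.DictReader(io.StringIO(text)))

def find_leaver_accounts(hr_csv, exports, today):
    """Return enabled accounts that belong to people who have already left."""
    leavers = {r["email"].strip().lower(): date.fromisoformat(r["leave_date"])
               for r in load(hr_csv)}
    findings = []
    for system, text in exports.items():
        for acct in load(text):
            email = acct["email"].strip().lower()   # match case-insensitively
            left = leavers.get(email)
            if left is None or left >= today:       # not a leaver (yet)
                continue
            if acct["enabled"].strip().lower() != "true":
                continue                            # already disabled
            last = acct["last_login"].strip()
            used_after = bool(last) and date.fromisoformat(last) > left
            findings.append({"system": system, "email": email,
                             "left": left.isoformat(),
                             "used_after_leaving": used_after})
    # Accounts used after the leave date sort first: investigate before deleting.
    return sorted(findings, key=lambda f: (not f["used_after_leaving"],
                                           f["system"], f["email"]))

if __name__ == "__main__":
    for f in find_leaver_accounts(HR_LEAVERS, ACCOUNT_EXPORTS, date(2020, 12, 28)):
        print(f)
```

An account that shows a login after the leave date is worth investigating before it is removed, which is why those findings are listed first.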

 

Hit DELETE on Apps & Social Media

When was the last time you did a review of the Apps that are on your devices? Do you have apps taking up valuable space or, worse, syphoning off data to unknown third parties? Carry out a review of the Apps on your devices and hit DELETE on anything you don’t use, or no longer need.

While you’re at it, maybe it’s time to take a close look at your social media feed. Who are you connected with? What information are you sharing? Are you sharing too much? Take a look at your own social media through the eyes of a novice, or third-party (you can call me and I’ll happily help). But what information are you giving away? Have you revealed where you live? Your date of birth? The school your kids go to? Where you work? The route you take?

All of this might be perfectly acceptable, and you might be happy with it… or it might land you in hot water! So take a look at your apps and social media feeds, and consider whether they would benefit from being deleted.

 

The Key to success is the DELETE key.

So there you have it; the Key to success has been staring right at you since you picked up your first computer. The Key to success in truth is keeping it simple. Don’t overcomplicate life, but rather take a look at what you have around you and see it from a different point-of-view. In truth, that’s the trick to Cybersecurity and Data Protection: it’s actually not as difficult as some might have you believe. The truth might be staring right at you, and you just needed someone to tell you what the secret was.
