When a company’s computers are hacked, management’s first impulses often are to invest in better software, better virus protection packages, better computers or even entire networks.
But they may be putting the emphasis in the wrong place.
“The problem’s root cause is usually not the technology, but people,” says J. Eduardo Campos, co-founder with his wife, Erica, of Embedded-Knowledge Inc. and co-author of From Problem Solving to Solution Design: Turning Ideas into Actions.
Campos, who worked as Chief Information Security Officer (CISO) in large international corporations, says “organizations that take a simplistic approach, assuming “computer hacks are an IT department’s problem” are headed for trouble. “Cybersecurity is everyone’s job,” he cautions.
For lasting results, Campos harnesses the power of solution design techniques to develop cybersecurity systems and protocols, based on the I.D.E.A.S. framework, outlined in his book:
Identify. Get to the root cause of the problem. Step back, take a breath, and assess the situation, so that you will ensure you are treating not just the symptoms.
Design. To avoid security breaches, take time to determine the options that can be used to address all the problems related to these issues.
Engage. Confirm that everybody who is impacted by a new cybersecurity program or effort is on board with the changes before they are implemented.
Act. Implement mandatory training for all employees to explain the common ways hackers enter the system, including how phishing works.
Sustain. Design metrics to keep cybersecurity policies in place and implement an easily accessible system for employees to identify and report incidents.
“The company that truly engages all of its employees, suppliers, vendors and other stakeholders to be knowledgeable and aware of basic cybersecurity protocols,” Campos says, “will have a much better chance of countering criminals.”
J. Eduardo Campos and Erica W. Campos are co-authors of From Problem Solving to Solution Design: Turning Ideas into Actions.