Get your BCP, Culture & Cyber Security Both Agile & Resilient

In times of chaos or crisis, it's hard to see beyond "the now"

15 days to flatten the curve that has turned into… months. But don’t let it get you down as there are important things to build and progress to be made! I’ve always believed in actively creating the positive change you want to see in the world- and as we’ve seen in the past few months, fortune favors the prepared.

But I am wondering as we return to work, we look ahead to the rest of 2020 and 2021…What if we get a second wave? What if it’s another blow to your business, your customer’s recovery, or your supply chain?

I asked these questions to our partners and customers. For our friends and partners in IT Services, Security as a Service, and consulting… when your customers are able to reassess the future, what questions will they be asking you? What problems will you need to help them solve?

But the lessons still apply to all intrepid IT and IS leaders- how can you create trust and agility for 2021, will your culture and company hold together without it?>

For companies both big and small there are more major, difficult conversations directly ahead. (Yes, still. Sorry) Are we ready for an acceleration in multiple strategic directions all at once? That usually feels like the fabric ripping at the seams.

What needs to be done to find the right path forward within the framework of big complex business and tech and people changes like digital transformation, leadership upshift, agility, cyber security, and more?

From Kate: BCP, CULTURE & SECURITY CONVERSATIONS TO COME

Companies are faced with more fast decision-making on how to come back to work, but as all good scrum masters know, the learning is in the retrospectives. Have you had a virtual coffee with your customers or teams to ask some basic but critical questions?

1. 1. Did we do the right things to stabilize the business for the crisis while we were in the thick of it?
   2. What things were we not ready for? Were we really set up for remote working? Did everyone have access to the things they needed to continue their work?  Was everyone able to work safely and productively? Did everyone know what to do? Did they do it?
   3. What is the best plan of action to prepare for a still uncertain future?

"The digital part is a necessary thread, and indeed these digital, remote, virtual, cloud, data-centric changes are transformational. But when whacking in that new VPN or videoconferencing tool, thinking about the data and the systems first (or only!) is a recipe for failure. We’ve rushed through a bunch of changes since February and March. How have your people dealt with it? Did the culture shine through and people hung together and rallied around your customer value and teams? Or was it like wet spaghetti slipping through your fingers? Were you ‘agile’ as a team, were your relationships trusting enough to be resilient in a time of change?"

Kate Goldman
CEO & Founder Cybermaniacs
Follow

"For forward thinking people with an intrepid mindset.. these few months of recovery are an amazing opportunity to help our customers and businesses in profound ways. We can help companies level up, modernise, and re-optimise across multiple dimensions driven by a survival-instinct level business necessity we have not seen before."

from steve: DIGITAL TRANSFORMATION ACCELERATION IMPERATIVE

Will all businesses start to see how digital transformation is imperative for business growth and risk mitigation? Having worked in a variety of IT roles for 25+ years, Steve Hood is currently Channel Partner Manager for NTE Limited, a Managed Internet & Services Provider. His mission is to unravel the often complex world of technology through simple services. Why? So Channel Partners and their customers are better equipped to tackle technology challenges securely, cost-effectively, and with confidence. Here’s what he had to say about the challenge his customers face:

Steve Hood
Channel Parnter, NTE Limited
Follow

“Businesses big and small need to realise that technology alone doesn’t equate to Digital Transformation.  They need to consider People & Process, along with technology, in order to tackle transformation head-on. I would argue that the People element is the most important. If your employees understand what you are trying to achieve and why you’re doing it, and they are bought into it, then your chances of success improve greatly!”

from john: AGILITY MATTERS

The companies who embraced agility earlier and more wholly fared better during the first half of the Coronapocalypse. While the world is rife with uncertainties, disruptions, turmoils, dynamism, and ambiguity about the future, a business is more than a system to achieve numbers and goals. It is also its people, their experiences, sense of belonging, connectedness, a shared vision, and the tools and techniques to achieve it all.

John Mark Williams
CEO Agile Business Consortium
Follow

Agility is more than the skill to sense and respond. It gives our teams the power to predict and prepare. Organisations that seek to mitigate risk, invest in agility. This pandemic has proven it.

BCP CAN NO LONGER BE A STATIC DOCUMENT

Much BCP planning pre-2020 focused on the creation of a formal plan (and then sticking it in a drawer). But agility and resiliency mean that competency and culture are more important than the plan, which will never ask enough questions and will start to age the day you write it down. The gargantuan effort to create and maintain giant plans is not realistic. Or as I like to say: 

Post covidtimes and in order to survive the pancession, the ability for your organization to come up with creative solutions to new problems at speed will be a primary source of business value.

CULTURE MATTERS MOST AS GLUE TO HOLD YOUR PEOPLE TOGETHER

The graph above is quite the rollercoaster ride. Dare I say, unprecedented. A significant part of the workforce was asked to work in a new way in less than 24 hours. Then the explosion of attacks and threats from the cybersphere as the whole nefarious and malicious cast of characters exploited the chaos.

To adapt willfully, successfully, securely and rapidly to the changing situation requires more than process discipline and cloud technology- culture starts with leadership, is built by the team.

We can only expect people to do the ‘right thing’ in a crisis or work from home if it is embedded deep as part of your security culture.

from Michael: BASELINE DIGITAL COMPETENCIES AND CAPABILITIES WERE THE KEY DIFFERENTIATOR TO FLIP & RECOVERY

Flipping to ‘work from home’ in roughly 24 hours… an SMB would have had to have the right tech in place (obvs) AND users skilled enough in a whole host of digital competencies to do that quickly and securely (maybe not so obvs, AND enough culture and caring to hold the team together.

How many of your customers had great cultural underpinnings of agility to ride the wave? If they had the right tech in place at least, did the people who staff the company even know what to do?

Having an entire workforce be able to do the right thing, at the right time, in any scenario….means everyone needs to be upskilled ready to roll on all BASIC CYBER THREATS & DIGITAL COMPETENCIES in a continually updated model.

Hey IT Service Providers & MSPs: Many of your customers are without cyber training, or have immature, disconnected, and underfunded programs. Only 25% of SMEs currently run cyber awareness training and only 53% of companies overall. DYK? Of the 260 billion currently spent on cyber security hardware, software, and services globally, only 1B is spent on cyber awareness training for employees.

This seems shockingly out of proportion with the research that shows 80% of breaches and incidents were caused by human errors, mistakes, and snafus. And it showed during this crisis. We heard countless stories of small, midsize, and even some large well-known brand names that struggled with the shift to remote work, virtual teams, weren’t set up securely and suffered huge losses in productivity. We also heard stories of a few great small businesses who were able to pivot and thrive in real-time because they had started to embrace digital transformation, agility, and culture years ago. 

Michael Brett
CRO/COO
Follow

"Looking back, we felt we were able to switch to remote working quite easily, as we had spent the past few years optimising our business across multiple levels. Being prepared meant we were able to focus 100% of our effort on our 3 point model and meeting the shifting market, rather than worrying about the tech or new workflows of our teams. The three points we focused on were awareness of outside forces to meet the market, agility that allowed us to shift product strategy and react quickly, and action which ensured the team is meeting our customer needs for rapid communication and partnership during the crisis."

THE SOLUTIONS YOU CREATE NOW WILL EITHER CREATE OR BREAK TRUST IN 2021 

Many businesses caught off guard will desperately need to make the changes to survive and thrive. Some of the answers to the questions above will require extraordinary business transformation and will require months of planning implementation and execution. But with any change portfolio, some can be those small wins, quick fixes, and slam dunk solutions.

• What can be done now, what is easy and inexpensive?
• Where do we not have the expertise or the ability to scale?
• What are the plug-and-play solutions so we can focus on strategic imperatives and business-specific essentials?

Here’s one big question to ask and answer for your customers. Did your people know what to do to keep your company and customers safe? What if it was easy to start to fix that so you can move on to harder things?

For many companies, cyber security training for employees will be on the wish list of things to implement in the next 6 months. (or as we like to say, YESTERDAY).

Our entire raison d’être is to create cyber-secure humans that act as continuously adapting cyber defense agents. This means they have absorbed and contributed to a culture of security and therefore have the mindset and values as well as the competency and skill to do the right thing at the right time for themselves and your business on any digital front. The explicit knowledge-based short-term training of the past will absolutely not get you here. We feel that’s because creating a cyber secure human starts with “the human”, and that’s not threat-based (ie just phishing) but centered around their whole life

To be totally honest the e-learning modules about password safety have been going on for 10 years and haven’t gotten us anywhere. Why give them something old, training that was built three years ago on technology styles and approaches that quickly become stale and outdated?

Why in this time of psychological stress would you increase the complexity of guilt fear or shame that is commonly associated with cyber training? Frankly, we don’t think negativity is a good move right now.

So when your customers talk to you about security, first ask about their people. Ask about their culture. Ask if they’d like to create happy, safe employees- regardless of where they work. (and if the answer is yes, you might want to check out our partnership program, just sayin’).