Today I’ll be shooting a 3-minute video to send into the good folks at TEDx Greenville. It’s a fascinating process trying to take all this stuff I want to say and narrow it down into a consumable few sound bites. This post will be my outline for those three minutes.
The Good News – Three key points
Desired take away.
Introduction- My name is Adam Anderson. I am an cyber security entrepreneur and author.
My big idea – The problem people are having with Cyber Crime isn’t in the realm of computer science. It’s in the realm of behavioral science.
Surprising information – We spend millions on cyber defense creating cyber fortresses. When done correctly our companies become islands of safety for our intellectual capital, critical infrastructure, and private data. When a large company becomes the latest Hacking Headline the vast majority of those breaches came from a break down in the human side of the equation. Be it clicking on an email or granting access to a less secure vendor, behavioral science is the culprit.
So what’s the good news? We can take these lessons from large company breaches and apply them to our personal lives and small businesses.
1.) Lock down your goals.
2.) Get the technology in place.
3.) Build the habits to reenforce the behaviors that lead to your goals.
Let’s look at a hypothetical small business ransom ware attack through the lens of those three steps.
The small business sets the goal to serve it’s customer’s and builds out a business canvas that shows how their business operates.
Our small business follows the guidelines of the National Institute of Standards and Technology’s Cyber Security Framework and has policies, processes, and technology in place to keep 98% of the bad actors out.
They know from this process that the most likely attack that will work on them is a Phishing attack. This means they need their employees to create habits around safe email conduct. Using behavioral science they set up aligned incentives for email behaviors they desire and provide the tools needed to monitor that behavior and reward desired outcomes.
My hope for you, regardless if you are dealing with cyber crime as an individual or as a company, is to realize that you don’t have to be a victim.
Here is the finished product….