In the past 6 months I have been given the book Traction on three separate occasions by three different people. The story is always the same. “Hey Adam, you really need to read Traction.” It happened so often I began to get a bit defensive! What do you mean I need business help??? My business is fine! I don’t need your silly book!
Well, I broke down and read it. Low and behold, those well meaning people were right. Even though I had a profitable business on my hands with an 11 year history, I had a lot of room to make things better.
For those of you who have not read the book, Traction is a business framework, or an Entrepreneur Operating System (EOS). It is a systematic way of approaching the why, how, and what of your business and framing them into repeatable, reportable, and scalable systems that have defined roles and responsibilities.
You see, the first step in cyber security is to Know Thyself. You can’t protect important stuff without knowing what your critical business processes and data are. Up until reading this book I used the Lean Business Canvas to get a snapshot of those critical processes. But a snapshot means we don’t have complete understanding. This means at best we can only create a partial security solution.
In some cases this is OK. Following the 80/20 rule where 80% of the value is created by 20% of the business processes, we have a system that works. My frustration was in how to present the security businesss continuity and disaster recovery plan to the business owner in a consumable and actionable format.
No one wants to read a 100 page report and you don’t score points for total word count if no one reads it.
Using the idea of a business score card that is outlined in Traction, I can attach Business Risk to each of those scores and outline how disruption of the supporting business processes might impact the score card.
For example, let’s say sales is one of your key business processes and networking and asking for customer referrals are some of your key behaviors for getting new clients. If you suffer a cyber crime attack and all the customer information is pulled out of your customer relationship management (CRM) resulting in you having to work with the FBI and contact all your customers, what is the impact to your business?
Well, who knows? It could be that no one will work with you again. It could be that your customers respect you and are more likely to recommend you. The difference?
It’s about how you handle the cyber attack, not that a cyber attack happened that will impact your business.
If you’re not prepared, and you’re a CPA with an attack in March, you might just go out of business.
To sum up, business frameworks like Traction provide the clarity into your business that you need to effectively apply cyber security. Without this knowledge anyone selling you technology is like a doctor prescribing medicines without ever talking with or running tests on you.