Traction and Cyber Security

In the past 6 months I have been given the book Traction on three separate occasions by three different people.  The story is always the same. “Hey Adam, you really need to read Traction.”  It happened so often I began to get a bit defensive!  What do you mean I need business help???  My business is fine!  I don’t need your silly book!

Well, I broke down and read it.  Low and behold, those well meaning people were right.  Even though I had a profitable business on my hands with an 11 year history, I had a lot of room to make things better.  

For those of you who have not read the book, Traction is a business framework, or an Entrepreneur Operating System (EOS).  It is a systematic way of approaching the why, how, and what of your business and framing them into repeatable, reportable, and scalable systems that have defined roles and responsibilities.


You see, the first step in cyber security is to Know Thyself.  You can’t protect important stuff without knowing what your critical business processes and data are. Up until reading this book I used the Lean Business Canvas to get a snapshot of those critical processes.  But a snapshot means we don’t have complete understanding.  This means at best we can only create a partial security solution.

In some cases this is OK.  Following the 80/20 rule where 80% of the value is created by 20% of the business processes, we have a system that works.  My frustration was in how to present the security businesss continuity and disaster recovery plan to the business owner in a consumable and actionable format.

No one wants to read a 100 page report and you don’t score points for total word count if no one reads it.

Using the idea of a business score card that is outlined in Traction, I can attach Business Risk to each of those scores and outline how disruption of the supporting business processes might impact the score card.

For example, let’s say sales is one of your key business processes and networking and asking for customer referrals are some of your key behaviors for getting new clients.  If you suffer a cyber crime attack and all the customer information is pulled out of your customer relationship management (CRM) resulting in you having to work with the FBI and contact all your customers, what is the impact to your business?

Well, who knows?  It could be that no one will work with you again.  It could be that your customers respect you and are more likely to recommend you.  The difference?

It’s about how you handle the cyber attack, not that a cyber attack happened that will impact your business.  

If you’re not prepared, and you’re a CPA with an attack in March, you might just go out of business.

To sum up, business frameworks like Traction provide the clarity into your business that you need to effectively apply cyber security.  Without this knowledge anyone selling you technology is like a doctor prescribing medicines without ever talking with or running tests on you.

Adam Anderson

Adam Anderson is the author of Built to Survive: A Business Person's Guide on How to Recover and Thrive After a Cyber Attack. Adam’s 15 years of entrepreneurial startup experience and his knowledge Enterprise Cyber Defense gives him a window into what’s wrong with communication between large and small companies. He combined this knowledge and the good works from the National Institute of Standards and Technology’s Cyber Security Framework to co-author the book “Small Business Cyber Security”. This book was later turned into an online class by Clemson University. Adam has been active in peer advisory boards for small business CEOs. He took this experience and co-founded a peer advisory board for Chief Security Officers of fortune 500 companies. This mix of small and large businesses has positioned Adam as one of the few people in the world to understand the complete supply chain of cyber security.
Posted in