Are You Using Analogies To Explain Cybersecurity?

I remember that when I used to walk into a boardroom of executives at a hospital while running my Managed Services Provider company, I would dig into details after a little chitchat.

I’d refer to my huge report of well over a thousand pages of things wrong with a network as a means to communicate to the executive team that they could do a lot better when it came to their network hygiene and cybersecurity.

The result?

A glazed-over team ready to be done with the meeting.

The truth is, even though I was super interested in the nitty-gritty results of which computers were missing what patches, configuration problems, administrative accounts and password issues throughout a network, most executives were not, even those that had called us in for an audit because they were concerned about their security stance given the growing concern about ransomware attacks and breaches plaguing both the healthcare industry and their communities.

What I quickly learned was yes, there is a time and place for detail, but it’s not in the room with decision-makers and leaders. They want the headlines, the major concerns and a path forward. They rely on their technical hires to concern themselves with the rest of the issues.

To easily communicate issues and help them connect the dots, leadership requires analogies that they can tangibly understand. If you can’t easily boil down technical issues (most of the cybersecurity issues that we find on networks are technical in nature), you’ll probably get that same glazed-over look from your client when running through a completely technical report.

Explaining security concepts and issues to your clients, friends and families is one of the best parts of being in the information technology industry.

Your challenge today is to create awareness within them, so that they focus on making risk-aware decisions that drive their security stance, both personally and as organizations.

It’s really unfortunate that many of us (I’ve been guilty of this myself) explain cybersecurity issues on too technical a level. In order to have a receptive prospect, client, or audience, you need powerful messaging that gets them to listen AND remember something.

Having some golden nugget analogies makes a HUGE difference in getting people to understand the issue at hand, retain information and change behaviors/mindset on how to be secure.

I am so passionate about the concept of communicating and creating a culture of cybersecurity within organizations that I sold my MSP a year ago and set a mission for myself to protect over a million people by 2023.

One of the biggest ways I’ve found to get my message out is by creating crystal clear analogies to explain and support underlying technical security problems plaguing our businesses.

While I explain in detail how to use analogies to walk through our mini penetration test product in our latest security operations (SecOps) call, to help other MSPs evaluate and communicate their client and prospect cybersecurity issues, I wanted to highlight a couple of gems here to help you get started thinking about how you might communicate security to your team, clients, or potential clients.

Hygiene — when getting your clients or prospective clients to start thinking about cybersecurity, I’ve found it much more helpful to link the state of their network (and data) back to hygiene. We all understand what hygiene is and know the implications of poor hygiene. When getting clients to perform an assessment, having something (like a mini pen test) to create awareness and visibility on not just network issues but personal (or team-wide) issues in how data is being stored and managed on your network can be a powerful tool.

Their houses — when you talk about security in the context of protecting their house(s), you create visuals that everyone can relate to. Home security companies have already created the images ingrained in our heads of burglars and thieves kicking down doors or opening windows. We clearly understand and dislike the thought of someone coming in and touching our stuff. If you can relate their security posture and ease of access to data back to protecting a house (or housing development), you will likely be in a better place getting folks on board and understanding the what and the why behind their growing problems.

Airport security — the news over the past ten or so years has created high alerts to security vulnerabilities at airports. People bringing homemade bombs on planes, stowaways and crazed passenger stories flood the news circuits, underscoring problems with our current security screening. The bottom line with airport security: things feel safe until they aren’t. How do you know the security measures you are paying for are actually working? Does anyone trust the TSA completely, given how people are able to bypass the line without incident? By relating cybersecurity investments to the TSA, you can easily bring into question the black box of cybersecurity that you’re trying to illuminate.

The most important part of communicating security is creating awareness. If you have something like a mini penetration test to shed light on how cybersecurity mistakes or missteps lead to actual risks, you’ll have a powerful argument that many leaders will gravitate toward.