“In so many areas of life, you need to be a long-term optimist but a short-term realist.” ~Captain Chesley “Sully” Sullenberger
With the recent release of the movie “Sully,” we are reminded of the near-death experience for all on board the flight that crash-landed in the Hudson Bay. But when you think of the airline industry, you still understand that it is one of the safest modes of transportation. In 2014, aviation was twice as safe as a decade prior, according to Flight Global. It’s an industry with an incredible record of risk reduction over the decades. What might you take from the airline industry and apply to yours to improve your risk management? Have you heard the term High Reliability Organization (HRO)? According to Wikipedia, it is an organization “that has succeeded in avoiding catastrophes in an environment where normal accidents can be expected due to risk factors and complexity.” Here are some of the concepts from aviation that could be applied to cybersecurity to improve your organization’s ability to avoid digital catastrophes in an era when the news is littered with stories of data theft. Become a cybersecurity HRO.
Plan for identified risks
What do you know is a big risk in your industry? For cybersecurity, that list should include phishing attacks, social engineering, mobile threats and viruses. No pilot flies without formulated escape plans for known risks. Start by identifying your risks, then formulate your plans. According to Kaspersky Labs, your plan should include requiring strong passwords, not opening suspicious emails, destroying sensitive documents, using VPNs and keeping antivirus software up to date.
Define what requires a no-go decision
When flying, a pilot will be informed by air traffic control if severe weather requires the plane to be grounded. It’s a decision based on predetermined factors, like a checklist of must-haves for safe flying, and when they aren’t satisfied, flights are grounded. For your business, define the absolute must-haves for technology solutions. Implementing an awesome new cloud solution? Does it meet your important must-haves for security? Don’t increase your risks by compromising in important areas in order to get the latest and greatest UI.
Crew resource management (CRM)
Prior to a deadly crash in 1977, the captain on a flight was the top dog and, as such, his crew didn’t question his decisions. However, when a captain’s decision in ‘77 led to the worst air disaster in history, the industry quickly changed things and implemented CRM, using all effective resources, including flight crew personnel, to ensure safety. Many data thefts can be attributed to human error, but if organizations in every industry implemented their own flavor of CRM, they could reduce risk. Take a step back and ask yourself what communication is like in your business. How does the organization handle and respond to human failure? How do employees question the choices of management, if at all? Create an environment of safe, open communication that encourages all employees to share ideas and accept responsibilities.
Pilots today are judged by the criteria of compliance. The entire industry shares in their sense of duty towards safety. Do your people share a sense of duty towards digital safety? In the airline industry, they understand that there’s always more than one cause in an incident. To break the chain, they’ve implemented multiple areas of protection, from checklists to redundancy, warning systems and consistent monitoring. What procedures can you add in your department to insert a chain breaker in a possible digital threat? Cyber threats are very real and are only increasing each year.
Take the necessary steps to be a cybersecurity HRO. We can also lend a hand with our Enterprise Security Toolkit for Small Businesses.