Cyber security is effected by your office culture
By now, most people have heard of the cyber security incident at Equifax. Unfortunately, Equifax is not alone in its tech team laziness. When you look deeper into what happened – a lot of it shows just a deep cultural malaise that I think is more common at companies then people think. My assumption is its tech team is part of a negative office culture that in turn promotes poor work ethic. This resulted in poor upkeep and monitoring to Equifax important security infrastructure that also happens to hold your information.
Yes, this is pure speculation, but the disturbing news that 182,000 US Citizens are effected by this security breach digs deep to me as a tech. An important server simply didn’t have a security patch that had been available for awhile. Ouch. Really?
If you are non-technical, know there is absolutely no excuse to why this happened. However, perhaps the office culture influenced the issue.
Having been in technology for 20 years, I have been exposed to many different networks and team environments. From Mom N’ Pop to Microsoft, I have been lucky enough to see a diverse set of teams and office cultures over the years. I do not have exact data for you at the time of this post, but what I have seen with my own eyes:
- If a technical team hates their job – a company of any size is organically less secure. They don’t care.
- If a technical team loves their job – you are likely more secure. They care.
I realize that is a generalization, but I’ve been thinking and reviewing office cultures for years and try to implement the best aspects of what I have experienced into Network Medics every day. I interview technicians from our competitors and hear about their office cultures. It is important Network Medics have a great office culture as it keeps our quality at its apex.
Knowing that, here is a hypothetical situation that could have transpired at the time. Let’s say you are the tech responsible for the patch failure at Equifax. Think about it from their perspective and why it happened. Not many know what you do, the office culture is horrendous, and the night of that important patch install you had to make a hard choice. Your choice is going to the U2 concert with your spouse vs. staying at the office until 3am to update the latest patch.
I would guess you aren’t going to choose the update patch and job security when you hate your job – and there are hundreds of tech jobs available right now.
So what do you do as a business owner? It is never a good feeling when “you don’t know what you don’t know.” Thankfully, you can change that on some level if you plan what to do if your company is hit by a cyber-attack.
At some point, your business WILL have to deal with a cyber security incident. Delaying too long in making critical decisions will worsen the impact of the incident but, conversely, making quick decisions can cause further damage as well. Part of our VitalCare Managed IT Services include a technology plan, which includes a workup of your disaster recovery needs. We help you answer the questions you don’t know to ask.
I recommend you surf to the Equifax site to see if you were affected by their security breach. They offer free monitoring as well as a credit freeze if you need it. However, I thought it was ironic they ask for you to enter in personal information into a website after getting breached. Hopefully Equifax will take a hard look in the mirror – and maybe take a peek at the culture in that department.
Written by:
Kevin Calgren
Partner of Network Medics
Minnesota Business IT Consultant
Questions about
