Finding The Hidden InfoSec Story

DIY? Know Your Limits


At this time of the year, I like to think I am coming out of hibernation. It’s great to see the days get longer and the sun start to shine again.

But then my mind turns to the many jobs that need doing around the house – jobs that given a bit of time, the right tools and perhaps some advice on how to deal with a given ‘challenge’, I could probably do myself.

So, having drawn up the DIY to-do list for 2015 (depressingly similar to that for 2014, I might add), I am in the process of prioritising the tasks. My qualification is usually based upon four factors.

First, can I do the whole job? I really don’t like embarking on a job that I am not competent to complete. Secondly, how long will it take? A few hours, a day, a weekend or longer? The third factor is that of procrastination – in other words, how long can I put it off for before it becomes really critical?

The fourth and final factor focuses on quality. In my opinion, if a job’s worth doing then it’s worth doing well. My obsession with preparation serves to draw a simple task out even further. Indeed, as a result of one extended period of procrastination, my wife took matters into her own hands. She then gleefully reported back to me that she had decorated our sitting room in just an hour or so. All I was required to do was the ceiling, the edges and the woodwork!

As for my to-do list, it is almost entirely centred around maintenance rather than home improvements, things that probably only I will notice, but these are jobs that if not attended to soon will become more of a problem the longer I leave them.

Small businesses face the same dilemma when dealing with cyber security. Firstly, most small business proprietors and their staff are unlikely to have the required skills to maintain their cyber security controls on an ongoing basis.

The difference between me and the tradesmen I generally rely on is that they do the same jobs over and over again. They have honed their skills, such that they do a good job in the optimum amount of time. There is possibly a degree of trial and error, but that goes largely unseen and doesn’t affect the outcome.

However, for the small business, the DIY approach to cyber security is fraught with danger. After all, the downside of playing with a home improvement tool is some wasted time, but doing the same with cyber security can lead to far more serious damage.

Secondly, how long will the task take? The bottom line is that a business owner will always have a long list of other things to attend to, such as making a profit and developing the business. Devoting time to cyber security DIY, if you are not 100% sure of what you are doing, is asking for trouble.

The same could be said of my third factor, procrastination. Putting off cyber security should not be considered an option. Whilst I was prepared to put off a recent dripping tap, as annoying as it turned out to be, security vulnerabilities are there for the world to see and for hackers to exploit at their leisure.

And so to my obsession with quality. This should be non-negotiable: a botched job where cyber security is concerned can have far-reaching consequences.

Small businesses know they can’t really ignore cyber security, but it is not a day-to-day priority, nor something they can feel confident about dealing with themselves.

Whilst my flaking paintwork is a constant reminder that there is a job to be done, the gaps in a company’s security can go unseen. Which is why it is important to consider entrusting cyber security to those who do it, day in, day out.

I might be prepared to climb a ladder, to sand and paint my flaking windows, but I won’t touch anything that involves electricity, bar changing a light bulb. Not because electricity is inherently complex, but because it requires a level of competence that I don’t have. What’s more, the potential ‘fall out’ from a botched job can be truly shocking, just as with poor cyber security.

Author: Richard Jones
