Identifying the critical technologies in your business
It's tempting to jump in and try to reduce your cyber risk as soon as you learn about them. Before diving in, it's fundamental to stop and think about where your priorities are as a business. Trying to solve everything at once will create a pile of problems you'll never get through. Instead, try to identify the technologies that are fundamental and focus here first.
A good way to do this is step through your day and think about each of the technologies you interact with and rely on. Consider some of the systems that you rely on generally to stay across your business:
your email
your calendar
your phone
messaging apps
social media accounts
What are the systems that help you stay across everything happening in your business?
Step through your day
Have a think about your office, or if you work from home, wherever it is that you work from.
What sort of infrastructure or networks do you use?
What computers do you interact with?
Is there a printer that's key to how you work?
Think about the systems you store information in, that you use and interact with on a regular basis.
Is there a file share that you need?
Is there a cloud service you depend on?
Think about the information your clients share with you.
Is it stored in a cloud CRM?
Do you keep it in some sort of local application?
Have you got a series of documents stored somewhere?
Step through your day from the moment you wake up, to the moment you clock off for the day.
Each of these things you interact with are fundamental to the operation of your business. Each is important and worth assessing against the three areas of cyber risk.
If you have a team, what sort of systems do they rely on? Are they interacting with those things? What would happen if they were unavailable or if the information in them fell into the wrong hands?
Create a critical technology register
Note down each of the different technologies you interact with throughout the day. Consider how important it is that they're available, the type of information involved and how fundamental it is for you to trust them.
Also have a think about things from your customer or client’s perspective.
How do they find you online?
How do they interact and communicate with you?
How do they share information or access your systems?
Each of those things may be something fundamental to your business and something to include in your cyber risk planning.
To finish, don't ignore the things behind the scenes. Take a moment to stop and think about the systems supporting your business day in, day out. Your backup systems, networks, servers, or any other piece of technology you don't interact with on a daily basis.
Once you have your list of technologies (it will be a long list to start with) work through each one and consider the three types of cyber risk. Some things you won't be able to do without. There'll be others that could go away, but hold information that if it fell into the wrong hands would be catastrophic. Others will be fine as long as your trust in them isn't undermined.
Once you've finished this exercise, go through your list. Have a look at what bubbles to the top.
Which systems tick all three boxes?
Which ones are important in one or another dimension?
Use this as the starting point and and focus your resources towards the risks that concern you most.