• i-confidential

Improve Your Cyber Security with the Power of Tiny Gains



By Chris Harragan, Security Analyst at i-confidential

 

Making big changes is hard.


But what makes it so difficult?


Anyone working in large organisations will have noticed the effort needed to change the way things are done. It’s tough. You must outline the roadmap, find agreement, seek approval. There’s no end to the red tape involved.


Whilst you’re waiting to implement these changes, nothing is improving. You’re stuck in one place. And often, when you’re not getting better, you’re falling behind.


So what can you do about it?


You need to embrace the magic of compounding.


Albert Einstein called compounding the eighth wonder of the world. Compounding is usually referred to in a financial setting. It shows how a small investment, with the benefit of interest, can grow to a surprisingly large amount over time. But it can also be applied to other areas of our life.


Best-selling author James Clear applies the concept to building positive habits:


“If you get one percent better each day for one year, you'll end up thirty-seven times better by the time you’re done.”

This literally works for anything. So, let’s apply the power of tiny gains to cyber security.


At i-confidential, we help clients create roadmaps to bring focus to those activities as part of our Security Assessment. Yet, the volume of work required can be overawing. Therefore, we usually suggest some short-term improvements that organisations can make. This quickly starts the process of moving back within the client’s desired risk tolerance.


One example could be an organisation that doesn’t have a full inventory of third parties. But they will have an idea of the highest-risk third parties. Instead of waiting to compile the full Inventory, getting on the front foot of assurance activity is a great way to show progress and improvements against the risk. Tiny steps help to improve the overall position and ingrain a security culture.


Small daily improvements to all areas of your cyber security compound to become big improvements over the course of a year. By focusing on ‘little and often’, our clients can quickly see results.