Practising cyber security 'mindfulness' in a digital age

About 10 years ago Kainos offered staff the opportunity to obtain a bicycle via a Cycle to Work Scheme. It was a great opportunity to start my journey (pun intended) on the road to a fitter and healthier me. I was excited about getting my new bike, I felt like a child the night before their birthday! The wind was taken from my sails rather quickly though, as I was told I could take possession of the bike until I had completed a cycling proficiency course ?.. yes, you heard that right! I thought, I'm a grown man, I've been cycling for more years than I have digits and I'm being asked to sit a cycling proficiency test. "You have got to be kidding me", I said. 'No' was the response it was viewed as a moral obligation; Kainos can't rent you a bicycle without being sure you can ride it properly. I was a bit peeved to say the least, but as I had no option, I decided ok, let's just get it over and done with ASAP. Although I didn't feel so bad when I heard that some of my colleagues had to go through the same pain. I made contact with the course tutor a few days later and arranged to do the course by the end of that week (Thursday at 10.00am, if I recall). I was pleased with the quick turnaround; it meant I might be out on my new wheels by the end of the week. Thursday arrived I had taken the morning off to do the course. I can't say I was delighted about the prospect, but if it's the only way to get my feet into some new cleats, then so be it. I forgot to mention earlier, the examiner agreed to come to my locale to do the training. That seemed sensible at the time, but when they knocked on my door and I looked outside, I thought "great, my neighbours are going to think I'm a real?" Regardless of my concerns and potential embarrassment, I had to bite the bullet and get to it, and that's just what I did. The training course lasted about 1.5 hours did I pass? In fact, I did. The more important question was did I learn anything? I didn't expect to, but I actually did yes, after 34 years (give or take) I too still had something to learn about riding a bike. What was that great lesson? Well it was two things:

• The first was to make yourself 'bigger' in making yourself bigger, you make yourself more visible! How do you make yourself bigger? Simples be more upright on the bike, place your arms out wider and move your bicycle out of the gutter. I was advised to ride this way when I was approaching a dangerous junction or when I was cycling in a potentially hazardous environment (i.e. city cycling).
• The second was the art of assertive cycling. Basically, it is cycling whilst being mindful of all of the dangers and taking positive conscious action(s) to avoid the risk. In particular, I was advised to make eye contact with vehicle drivers, when making a manoeuvre that could be considered precarious. That one learning has saved me more times than I can remember over the last 10 years, so thank you very much Kainos, you have saved my life (quite literally).

So, you've been reading this short blog for 90 seconds and there's been no mention of security training, passwords, phishing what's the point I hear you say. Well, let's move from the world of a transport highway to the cyber super-highway. We all know that in a cyber environment there is inherent risk of a security incident at every juncture, especially in our business of delivering complex digital solutions. In today's 'right-now' digital society we want that shiny new 'bike', but we don't want to do that proficiency test or use any of those 'safety' tools. What's the point? I won't learn anything by completing that 'Information Security Awareness' or 'Guarding Data' training anyway! You may already be aware of the risks, so may not learn anything new, but completing those 'cyber proficiency' training activities will make you more conscious of the digital dangers. If nothing else, they will make you more mindful and assertive regarding your actions (should I download that invoice from someone I don't know, without confirming their details; should I download that app from a torrent site, that could be distributing malware as a 'bonus'). Like me on my bike, being mindful and acting with purpose may one day save you or your company from a critical cyber-accident. My last blog finished with a few lines and a take-away. In Kainos we love to re-use, so I'll go with the same few lines... What you do matters, it matters a lot! Practice the art of cyber-security mindfulness and become an assertive digital technologist I guarantee it'll help to keep you and your customers' stuff safe.