Scaling is the goal of most technology organizations. You want the high growth rates that the hottest tech companies brag about. However, the fanatical pursuit of scale tends to miss a huge blind spot.
The Blind Spot That Stalks Scaling Companies
Let’s say you come up with your next software release through a one-week hackathon. That’s great, but should you merely roll that release out into production? If you already have a sizable customer base, that’s a huge mistake. You need to breathe, pause, and think through the customer experience. In 2019, expectations have shifted. Today, a robust customer experience requires solid cybersecurity.
Neglecting cybersecurity in your pursuit of scaling will hurt your reputation, scare away business partners, and cause lots of stress.
What Causes Scaling Security Problems?
Before we can solve the problem, let’s consider what drives the scaling security problems.
1. Cybersecurity is an afterthought
Ask yourself this: when does cybersecurity join the discussion for new products, releases, and innovation? Your answer to this question will reveal a lot about your cybersecurity vulnerability.
In our experience, cybersecurity teams tend to be involved throughout the development process or consulted at the 11th hour. Late, rushed cybersecurity team involvement drives scaling security failures.
2. Unbalanced company goals
Your corporate goals may be incentivizing high-risk scaling. You may start with a goal to acquire 1,000 customers or launch two new products this year. However, you also need to balance those goals with cybersecurity and customer experience goals. Without a balanced set of goals, complaints and system failures are much more likely to occur.
3. Weak vendor management
It doesn’t matter if you’re a Fortune 500 or a three-person startup, vendor management skills matter. Just think about all the software as a service apps you use every day. Leveraging vendors means you’re released from the obligation to develop infrastructure and expertise internally.
However, you must keep responsibility for oversight and management for these providers. This oversight process starts with the initial negotiation with the vendor. Does it have the ability to scale up? Is it able to maintain security rigor when volume increases? After the vendor is established, you also need to review it regularly from a cybersecurity perspective.
Your Path to Safe Scaling Without Hiring 100 Cybersecurity Specialists
Traditional management thinking would tell us to hire our way out of the problem. If cybersecurity is weak, go to the market and hire more staff. In some cases, that’s the right move. However, if you already have a reasonably effective cybersecurity team in place, you need to take a different approach.
The better approach is to leverage process and tools designed with scaling in mind. The best part of this approach is that your cybersecurity team will thank you because you’ll relieve them of some of the most repetitive and dullest tasks that come with security work.
Quick Wins for Scaling Security with Cybersecurity Software Solutions
To enable high-scale growth, review your suite of tools this week. You need to assemble the following to achieve consistent security control:
- Single sign-on: Nobody likes memorizing passwords. That’s why some many people fall victim to “password reuse disease.” To reduce the number of passwords your employees have to manage, implement a single sign-on software solution.
- Self-serve password management: Forcing employees to call the help desk for password resets is humiliation and hurts productivity. That approach just doesn’t scale up. That’s why we recommend leveraging a modern password management solution.
- Access governance: What happens when your organization expands rapidly? Administrative processes and procedures tend to be ignored. In cybersecurity, that means you may face access governance gaps. That means heightened hacking risk, negative audit reports, and worse. Avoid those problems with an access governance software solution.
You might be wondering: “How will I get the executive committee to approve buying and implementing all this software?” In most cases, the next best step is simple. You need to develop a persuasive business case. Not sure how long that will take? Find the answers in our article: “How Much Time Should You Spend on Your Password Management Business Case?”
Quick Wins for Scaling Securely with Improved Cybersecurity Processes
In addition to software, you can achieve quick wins during scaling with process. Now, don’t misunderstand us. We’re not telling you to kill your momentum with bureaucracy. Instead, we recommend using “just enough” process. After you instill these practices, make it hard to propose additional processes. Otherwise, anxiety-prone cybersecurity professionals may stifle your growth rate.
- Regular management reinforcement: Cybersecurity is the responsibility of all employees. To make that message clear, ask people managers to share cybersecurity tips with employees quarterly. For high-risk employee groups such as managers and IT personnel, frequent reinforcement makes sense.
- Annual training for all employees: Aside from cybersecurity specialists, you can’t assume that your company’s cybersecurity requirements are widely understood. We recommend using security jargon such as phishing and denial of service attacks with caution. Show how such attacks cost customers and employees.
- Set password management rules: Password practice tends to be a weak point in our view. You may see employees reuse the same password across systems. Alternatively, you may see employees write down passwords on slips of paper. To discourage these high-risk behaviors, give employees clear password rules they can follow. Use our article “5 Ways to Make Sure Your Password Is Secure” as a starting point in creating your password rules.
- Spot check physical security practices: What happens if a determined attacker gains physical access to your office? Defending against such an attack is very difficult. That’s why periodically reviewing and testing physical security practices is a smart move. For example, once a month, randomly inspect the work areas of 10 employees after hours. Did they leave any sensitive materials out in the open? Provide training to those who may be misinformed on physical security. After all, it’s much easier to launch an attack when you can physically install a device.
Now that you understand these quick wins, you can scale up your company’s operations without taking unnecessary risk.
