Knowing the Environment – Challenges and solutions around protecting what is important to you and your business

How do small businesses defend against cyberattacks? How do they prioritize teams and resources to achieve “cyber resiliency”? Is compliance alone enough to stay safe? In this episode of All the War They Want, Liz Nurse joins Carmen Brooks and Jeff Engle to talk about the importance of knowing your environment — particularly when it comes to cybersecurity for small businesses.

Background: meet Liz Nurse, small business champion

Liz’s background spans various industries, helping companies overcome challenges with everything from payroll and HR to cybersecurity. Today she runs 1^st Quadrant Services, a joint venture with Conquest Cyber specifically designed to provide cybersecurity for small businesses in America’s defense industrial base and other highly regulated industries.

Whatever she does, Liz is passionate about helping leaders with the unique challenges of running a small business.

The “lunchroom economics” of new environments

To illustrate the anxiety of entering a new space, both Liz and Jeff think back to childhoods spent moving around the country, in and out of different schools.

“There is nothing that creates more anxiety than walking in and not knowing how to navigate the lunchroom in an elementary school,” Jeff says. “Where do you pick up the plate? Which side do you start on? Which table are you allowed to sit at?”

Everything changed when Jeff moved to a new school in Wolf Creek, Oregon during his fifth-grade year: “I came in the first day in the middle of the year, and they assigned me somebody specifically to help me navigate through lunchtime. ‘This is the side to walk. This is the side that you get your plate. These are the things to avoid if you see that particular lunch lady. Steer clear of whatever she’s serving.’”

This one-on-one guidance made a dramatic difference in Jeff’s experience of a new environment. He explains that this principle still affects his decision-making today: “Do I want to create anxiety for people to see how they react, or do I want to minimize their anxiety?”

Some people will sit in a new environment to see what’s going on and then navigate it. Some will just give up to avoid the potential for embarrassment. Some charge in blindly, do it wrong, and don’t mind.

Jeff explains this perspective is valuable for any collaborative team effort: “that tells you much of what you need to know about people’s personalities.”

Based on her own experience, Liz agrees that constantly moving to new environments has helped make her resilient in her adult life. “I’ve worked in offshore wind power, I’ve worked in the film production industry, I worked in payroll, I worked in the restaurant industry, and now I’m in cybersecurity. My upbringing has allowed me to assimilate to different situations very quickly.”

In many ways, running a small business requires the same kind of resilience. “It takes a lot of courage to start a small business and a lot of grit to run one,” says Jeff.

Juggling priorities and line items is a lot to handle, but Conquest and 1^st Quadrant Services are here to help. “What I really like to do is come in and find a way to let them focus on their business,” says Liz.

Moving beyond compliance

To help eliminate the anxiety around cybersecurity, subject matter experts like Liz and Jeff provide education and direction. By acting as a consultant or guide to business leaders, they can help companies navigate the stages of cyber maturity:

1.       Compliance: what is a company doing today?

2.       Maturity: What is a company doing every day?

3.       Effectiveness: How well is it working?

In his book All the War They Want, Jeff explains that most businesses live in the compliance phase. Liz adds that many companies within the defense industrial base (DIB) barely meet that.

“There is an overall lack of education in the space. I don’t think people realize what it means to be compliant,” says Liz. “I do think that the current events today are changing, that people are realizing that there’s more that they should be doing — not just to protect their business, but to protect our nation.”

To understand the role of compliance, Jeff leans on an analogy from his time spent pilot training. Many of the regulations that cover being a pilot are in the Aeronautic Information Manual, a book that’s about “three inches thick.” When jeff first started flying, it was only 30 pages. “All those pages — those additions — are all the results of blood. People had to die in order to get those additional regulations.”

Compliance avoids legal retribution and the cost of violating contracts, but if leaders depend solely on compliance, they are trailing years behind the broad realization of risk.

“Essentially, there are three years of bad guys doing bad things before there’s time to write it into a compliance regulation,” says Jeff. “It’s not proactive … and you’re susceptible to what the bad guys are learning and doing and adapting every day.”

Helping small businesses understand cybersecurity

Liz emphasizes that compliance and risk can be quite challenging to navigate, especially for many small businesses that might not even have an internal IT team. “I might be working with the business owner who is very knowledgeable in construction or engineering, but they don’t know anything about cybersecurity. I’m providing that guidance for them.”

She says that the most important step may simply be getting started. “It’s a whole new set of acronyms, a whole new language that you basically need to learn, but you don’t necessarily need to dive fully into it. There are resources out there to help you.”

To learn more about compliance and cybersecurity for small businesses, visit 1^st Quadrant Services at 1stqs.com.

For more unconventional insights on cybersecurity and business, listen and subscribe to All the War They Want on Apple Podcasts, Spotify, or wherever you get your podcasts. You can also join the waitlist to be the first to get Jeff Engle’s new book All the War They Want.