Is your business protected from cybersecurity attacks?
If there was a breach, would you know what to do?
How would you recover, or could you?
Is your business covered by cybersecurity insurance for the loss?
As the de factor standard for cybersecurity, the Commerce Department’s National Institute of Standards and Technology (NIST) recommends a cybersecurity framework inclusive of five categories: identify, protect, detect, respond, and recover. In today’s blog, we discuss three key components of this strategy—remote work/bring your own device policies (protect), incident response planning (respond), and cybersecurity insurance (recover)—and how they can enable your organization to prevent or survive a cybersecurity incident.
Policies for remote work and BYOD
Policies around remote work and bring your own device (BYOD) have been important for years. But with companies moving quickly and desperately to widespread remote work in response to COVID, data and systems are spread further than ever before, often without adequate protection. Employee use of tablets and smartphones to access business applications, data, and networks has decreased business’ security because it provides an entry point into the company’s network (Ponemon Institute). For example, your employees may access your systems via their own devices that they share with their children. Or, even if they are using company devices, they may log on to your IT infrastructure from multiple networks. They may work from home one day, a Starbucks the next day, log on from their child’s school later in the afternoon while waiting for them to finish practice, go to a remote work site the following day, and on and on. A remote worker could be on 10+ networks in a single week. And this doesn’t even cover employees who travel.
Establishing acceptable use policies regarding remote work and personal devices is an integral piece of cybersecurity strategy. These policies help you minimize exposure to cybersecurity risks and protect your proprietary data. For BYOD, these policies may include a requirement for users to register their personal devices with IT, allow IT to install security software on the devices, and report lost or stolen devices. Remote work policies may include rules around passwords or the use of multi-factor authentication (MFA), security of networks, and more.
Stay Connected!
Get the latest IT trends and best practices in your inbox.
Cybersecurity incident response planning
Several metaphors can be applied to incident response planning, but the most apt one is ‘You can’t learn to swim when you’re drowning.” Trying to figure out how to address a cybersecurity incident at your company after the incident has occurred and while you are coping with the aftermath simply will not work. Time is of the essence when incidents happen, and wasted time potentially means more lost data, more risk, and more lost money. An incident response plan—critical for companies in general and often required to get cybersecurity insurance—can help.
An incident response plan lays out the step-by-step process—including roles and responsibilities—your company will follow in the case of an incident. Every action is critical for a positive outcome. What steps do you take if your company experiences a cybersecurity incident and in what order? Who do you call? Can you restore your data? Do you need to notify your vendors, partners, and customers? How about the FBI? How will you communicate with your own employees if the systems you usually rely on for communication are compromised during an incident?
Investing in incident response planning can seem like a luxury expense to small and medium-sized businesses (SMBs). But with 23 percent of SMBs experiencing at least one cyber attack during 2020, and the average breach costing a small business $25,000+ (Info Security Magazine), this small investment up front can save your company significantly in the case of an incident and can mean the difference between your business staying open or closing. Your MSP can help your company develop this plan.
Cybersecurity insurance
Insurance coverage for cybersecurity incidents has changed drastically due to the increase in the number and severity of cybersecurity incidents. Several years ago, obtaining cybersecurity insurance was done as a rider on an existing policy and required no additional activity by the purchaser. Companies didn’t need a lot of coverage because incidents were uncommon and less costly. Now, with so many incidents that cost companies so much money, insurance companies treat the risk of cybersecurity incidents as they do other risk decisions. Getting a cybersecurity insurance policy now requires increasingly more of the purchaser and getting the insurance company to pay out after an incident requires even more.
Despite its importance, cybersecurity insurance is only used by 13 percent of SMBs (Info Security Magazine). You may be thinking, does my SMB even need cybersecurity insurance? The answer is an emphatic ‘YES!’ Every business is vulnerable. Some insurance companies now compel purchasers to attest to taking certain security actions. For instance, they may require you to fill out a questionnaire about what steps you take to protect your business from incidents. Or they may insist that your company develop an incident response plan (discussed above). They also may demand that you use certain cybersecurity tools such as multi-factor authentication (which we will cover in a later blog). The question isn’t whether you should have insurance, but how much you need and what you must do to comply and ensure the insurance company will pay you if you have a breach.
Technology can be a mess. Let us take it off your hands, so you can do what you do best in running your company. Fill out the form on this page to schedule time with us.
At Logic Speak, our core values shape how we lead, how we work, and how we serve our clients. They’re not words on a wall, they’re filters for decisions and expectations for how we show up every day.
But here’s something we’ve learned the hard way: even good values have a shadow side.
Values, when taken too far or applied without self‑awareness, can create unintended consequences. What starts as a strength can quietly become a blind spot. And if we’re not careful, the very things we pride ourselves on can work against us.
So today, we want to talk honestly about our values, not just the best of them, but the risks of overusing them.
We Care for You
The strength:
Caring for others is foundational to who we are. It means treating people with dignity, empathy, and kindness. It means remembering that coworkers, clients, and partners are humans first, not just roles or tickets or invoices.
The shadow side:
When care goes unchecked, it can turn into avoidance. We may hesitate to give hard feedback because we don’t want to hurt someone’s feelings. We may tolerate behaviors longer than we should because we empathize deeply with circumstances. Over time, clarity suffers, and ironically, so does trust.
Care without courage isn’t actually care.
We Lean In
The strength:
We lean in when there’s a need. We take ownership. We step up when things are unclear or uncomfortable. This value fuels responsibility, initiative, and teamwork.
The shadow side:
Leaning in too much can become overfunctioning. We jump in to fix things that aren’t ours to fix. We take on too much instead of letting others wrestle and grow. Eventually, this can lead to burnout, resentment, or invisible bottlenecks where “that person always handles it.”
Sometimes the most responsible thing to do is not lean in, but step back.
We Love Our Craft
The strength:
We take pride in doing things well. We pay attention to details. We care about quality, process, and doing the right thing, even when no one is watching.
The shadow side:
At its extreme, loving our craft can turn into perfectionism. We may over‑engineer solutions, delay decisions, or become critical when others don’t meet our internal standards. What was meant to produce excellence can unintentionally slow momentum or make collaboration harder.
Excellence should serve the outcome, not replace it.
We Keep Improving
The strength:
Growth matters here. We believe learning never stops and that feedback, when handled well, is a gift. This value keeps us curious, hungry, and moving forward.
The shadow side:
Constant improvement can quietly create the feeling that “where we are is never enough.” Wins may go uncelebrated because we’re already focused on what’s next. People may feel like they’re always being evaluated instead of occasionally being affirmed.
Improvement without appreciation can feel exhausting.
Why This Matters: Blind Spots Are Part of Being Human
None of these shadow sides mean our values are flawed. They mean we’re human.
Every person, every team, and every organization has blind spots. Often, they’re not found in our weaknesses, but in our strengths, overused or unexamined. The danger isn’t having blind spots, it’s assuming we don’t.
That’s why self‑awareness matters so deeply to us. It’s why feedback matters. It’s why we believe asking questions like “How is this landing?” and “What might I be missing?” is a leadership responsibility, not a sign of insecurity.
Living Our Values With Humility
Our goal isn’t to live our values perfectly. It’s to live them thoughtfully.
That means holding our values firmly, but ourselves humbly. It means inviting perspective, welcoming challenge, and remembering that good intentions don’t eliminate unintended impact.
When we name the shadow side, we don’t weaken our culture, we strengthen it.
Because the best teams aren’t made of people without blind spots.
They’re made of people willing to look for them.
Recent Comments