Years ago, my father had a heart attack. It was scary and horrible.
However, after that day he made significant lifestyle changes that he would never had considered prior to that event. I am happy to say that he is still with us – working, laughing, loving and living. I believe this extension of life to be a direct result of the attention he paid his health after his scare.
No one enjoys bad news or worse – horrible events – but there is an upside.
At a recent charity event, the speaker, a prominent military leader, made a comment that stuck with me: “You don’t get credit for what you prevent.”
He went on to say things about what history would say about the military’s efforts, but it was the truth of that comment that stuck with me.
Simply put, in regard to your organization’s security program: If everything goes smoothly, no one cares. Or, maybe they care but they can become complacent and uninterested in the security program. Think about it – if no one ever tried to steal information, would anyone go to great lengths to safeguard it?
As FSOs, we all want to create strong programs without any vulnerabilities. We hate the idea of a security violation, a culpable report, discovering incidents regarding financial, criminal or drug matters with personnel on our watch.
However, bad news does happen. When it does, it is important to remember that there is an upside to having issues identified.
- It legitimizes the need for the organization to heed the guidance of its Security Officers. Having the support of your organization is easier to obtain if they KNOW you are protecting the organization.
- It provides a warning going forward. Even just one issue equals a case study (or horror story) or cautionary tale out of experience which will strengthen your subject matter expertise.
- It allows you to establish a better security program. You don’t know what you don’t know. Once you have mitigated the problem, you have a new plan in place for better safeguarding.
If the thought of you trying to make lemonade out of your own lemons frightens you, fear not.
It does not have to be YOUR bad news.
In recent headlines, the security breach of the Office of Personnel Management was some pretty bad news for every cleared individual.
All of our personal information became vulnerable and the organization shut down eQIP. For those who need to obtain personnel clearances or update their information – this was a nightmare. Especially when no alternative was offered.
However, since then FSOs have been able to advise their cleared personnel and management to:
- Always monitor their information.
- Run and update good anti-virus software.
- Disable stored passwords and don’t reuse password
- Vet candidates properly before making an offer since out-of-scope clearances cannot be fixed easily.
- Do NOT delay on your eQIP. Procrastinators have found themselves locked out …
Just to name a few ….. and everyone is taking the advice very seriously!
Bad news is never great. However, if you look at it the right way – there is a gift in every problem.
FSO Action Items:
- Research “bad” security headlines or situations in popular movies and send it out to your cleared personnel with reminders/advice to avoid it.
- Contact your IS Rep to ensure you are handling internal situations correctly.
- Conduct a mini-inspection to catch potential problems before your assessment!
Need help with incidents, self-inspections, training, issues, vulnerabilities or turning your security problems into a better security program? Contact FSO Pro.