By U.S. Navy photo by Photographer’s Mate Airman Andrew Betting. [Public domain], via Wikimedia Commons

By U.S. Navy photo by Photographer’s Mate Airman Andrew Betting. [Public domain], via Wikimedia Commons

Last week the news was full of the disruption caused by the WannaCry Ransomware which has hit over 300,000 computers in 150 countries (as of 20th May).  Some have blamed Microsoft, others the NSA, still others the Government. 

They are all wrong.

In the 7 Habits of Highly Effective People, Stephen Covey builds his ideas on the principle that being effective is a combination of getting the job done and protecting the means of doing the job.  Many leaders focus on the first half – getting the job done, but neglect the second – protecting the people, places and tools needed to do the job.  Think of it in terms of the Captain of a battleship.  His first duty is to protect his ship, second to complete the mission.

For many leaders today, we focus on completing the mission, and neglect the ship.

This is what happened with WannaCry, malware that infected either obsolete software or modern software that the vendor had issued free security patches for over a month before the attacks occurred.

Organisations were so busy focusing on the ‘day job’ (completing the mission) that the simple and obvious steps needed to protect the ship (install the free updates Microsoft published back in March) simply did not happen. To my mind this means that the root cause of the WannaCry epidemic was actually a Leadership failure.

In all those organisation struck down by ransomware, the leader’s failure to observe the principle that both the ship and mission must be protected resulted in the failure of the mission for many.

As leaders, the buck stops with us.  There may be reasons why something is difficult- but that is not an excuse to ignore it or fail to tackle the problem.  Even worse is to not do something because we imagine it to be difficult and so we don’t even bother to try and test that assumption!

Protecting the Information Systems and Data of the organisations that we lead is part of the remit of most leaders – and it is not as hard or complicated as the purveyors of expensive IT security products would have you believe.  As the director of GCHQ recently said, just doing the simple stuff will protect you for 80% of all the threats easily.

With that in mind, I’m delighted to share an invitation to a free webinar I am running this week which will cover The 5 Essential Cyber-Security Tips and Everyone needs to know.  Follow these in your organisation and you will protect your ship

Sign up here: