Theme 4: Assigning Key Roles: Allocate Responsibilities
Historically, for a human community to function effectively, roles are assigned to its various members, so that each has their own area of specialisation and responsibilities, therefore avoiding the risk of different parties performing the same tasks and stepping on each other's toes.
In the Middle Ages, some people took care of maintenance work, others were assigned to the treasury, others recruited in the army, etc. It was difficult to imagine a treasurer playing the role of a knight, and vice versa.
The same rules apply to your business. As an SME, you have probably outsourced all or some of these functions, due to a lack of internal resources, but someone is taking care of your accounting, someone else is in charge of your raw material supply (depending on your sector), and someone else is managing your communications, etc.
As you can see, this distribution of roles also implies that some people have more responsibilities than others. They have a “key role”, particularly those with security responsibilities.
Imagine that all the keys to the castle, including the treasure room, were entrusted to a head guard and kept in one place. The lord of the castle would be well advised to ensure that the head guard performed their duties properly and that no one with malicious intent could gain access to these keys.
Your IT administrator, who is probably external to your organisation, is a bit like your cybersecurity head guard, potentially holding all the (digital) keys to your .
This is why it is important to take additional measures to secure the accesses they have even better than the others. The administrator accounts are, indeed, the favourite target of hackers.
In addition to the IT administrator, there are two other key roles that need to be allocated for optimal cybersecurity: the Advisor and the .
Of course, one single person or three different people (internal or external) may assume all three roles , depending on your options. All that matters is that the person(s) taking on these roles have the necessary skills. Make sure they do!
Remember
- Castle in the Middle Ages:
- Everyone has their own role:
- maintenance worker;
- treasurer;
- army general;
- etc.
- Some key roles, such as the keeper of the keys, needed to be further secured.
- Cybersecurity for your business:
- Everyone has a role to play in cybersecurity:
- IT Director;
- Advisor;
- ().
- The key role of IT Director, and the related administrator accounts, must be further secured.