At some point in my life I found myself in a very odd position. A health problem affected my vitality and suddenly, I found myself in a Brussels hospital nearly in a coma.

What drove me there? My outstandingly strong focus that allows me to achieve anything. However, the secret to this focus is concentration on one single thing.

This means that everything else is pushed to the backburner. This is how I am because I do not buy into the routine life-work balance mentality. My philosophy about life is to love what I do and do what I love.

You might be wondering though, how is this relevant to security?

Well, it is relevant for many reasons.

• Firstly, security requires 100% concentration. This, however, doesn’t mean you don’t do anything else in your business.

It means that you put in the time to build a sustainable and solid security foundation.  You find the right people to assist you and of course, you evaluate and resolve new issues along the way. Nothing is static in business. The same applies to security.

• Secondly, attacks are opportunities to become better.

Every time we are forced to level up our game we become better and we manage to achieve a milestone, a new standard.

At this point, I must state that there are two types of attacks in terms of the benefits they offer us:

• Attacks that happen to others, and
• Attacks that happen to us.

Businesses operate in a risky environment, but there is a difference between a well calculated risk and sky-diving without a parachute.

1. Attacks that happen to others: We have plenty of examples around us that affect us indirectly. Whether you are an individual, an SME, a big corporation, a famous person, anyone – even a security expert – we are all exposed to vulnerabilities. On a larger scale, cyber-attacks affect all of us directly as most of them fund terrorism activities.

Therefore, security experts insist on creating awareness. The best awareness available are the attacks themselves and their implications, as this is an opportunity for all of us to learn and be more prepared.

2. A second type of attack is the kind that affects your business directly. The implications could range from something huge, such as closing your business immediately, to lesser effects, such as a moderate or a superficial loss of operations (down time), losing clients, money, reputation, and increased legal and insurance fees.

There is one factor which defines which category you are in and that is:

Before it happens to your business or during and after the attack takes place on your business?

If you replied, “before the attack”, you are an “action taker”.

If you replied, “during or after the attack” you are “reaction enabled”.

You probably realized that the first one is a much more powerful standpoint.

I’d still like to clarify why. Think of it like a domino effect. If you don’t deal with the points that could trigger the effect it would not be possible to intervene as it happens. Thus, the phase before the attack is the best place to be, and therefore the action takers are more protected than those who react.

Additionally, you cannot possibly know how catastrophic an attack could be. Not preparing to avoid it or minimize and control its impact is like giving your business away in a poker game.

But

Well, this depends on the way the human brain operates. There are two categories of people in terms of what triggers them to take action: those who observe the world around them and act to prevent what happens to others, and those who have to experience something before taking action. Also referred to as learning by example or learning by pain. Unfortunately, the highest percentage of people follow the second route of learning, but that is a very dangerous approach when you are dealing with business and personal security.

Learning by pain may send your business into a comatose state and no one will know if you will manage to recover!

As such, I emphasize time and time again that being prepared is essential. However, in the meantime when you experience an attack you must act immediately and solve it. In a coma or near coma state though, extreme measures are required and those measures come with implications.

What is my recipe for such situation? I turn to Richard Branson, who always asks “what is the worst-case scenario” in every action and decision he will make or take. Even though he seems to be a risk taker his risks are always calculated.

So, next time you hear about an attack happening to someone else ask yourself:

Have you considered your worst-case scenario in case of an attack and worked on ways to avoid it, or are you in a free fall to the coma state? Attacks are not about if, but when. It is really a matter of time.

Emergency rooms and measures are for the emergency situations, but have you considered that if you saw the danger approaching you would be in a more powerful position to minimize its impact if not avoid it at all?

But, you know what? Let’s take it even a step further and take children as example. Children are a priority to their parents, who do not care about sleep, food, work, anything if their child is sick. It is hard wired into the brain, something like an internal GPS mechanism for priorities, and this is fascinating.

I mention children because for most business owners (if not all) their business is like their child. They do not have an 8-hour work week. Instead they work 15 and even 18 hours per day. They do not have weekends, holidays, sick days. They have limited time for loved ones, and set minimum time for anything else including hobbies and food if not skipping them entirely. All this is essential for the survival of their business.  They are so driven to succeed that nothing else matters to them.

How do I know? I experience it first-hand. Most employees will leave work on time and they will switch off the “work mode” button until the next scheduled business day. That is not the case with business owners. In fact, it is 4:36 in the morning here now and I am writing this article for you. So, I will not question your love and devotion to your business. Never. However, I will ask you directly: Why do you risk the survival of your business by skipping security?

Based on all the facts around you and your ability to evaluate situations you should be able to see that security is a top priority for your business survival especially if you fall in the category of the reaction enabled people. If you are an action taker, it does not mean you don’t need to do anything. In fact, you need to double-check and assess what security you already have in place and what coverage it can give you. Ask yourself: is it enough to protect your assets?

I’d like to leave you with this: It is never too late to step into your protection mode. Every moment is perfect to make an adjustment or turn.

As Tony Robbins says, most times you need just a 2-millimeter shift.

Choose now to turn to security. There is no better time than now to take action. It is a step which will positively impact both your business and humanity.

If you don’t know where to start, I would suggest you start with the basics. I noticed one common theme, which is valid both for large corporations and SMEs, and that is; not covering the basics. Guess what, cyber criminals know that as well.

This led to me designing a self-study course with the business person in mind. It addresses the basics of security, that even large companies nowadays forget about: vulnerability of their staff, over-dependence on technology, lack of strategy and predictability.

This is a practical course that will help you understand what are your most important data assets, create strategy and take specific steps to protect them. Ultimately, this will enable you to set up a foundation of your information security, without additional investment in staff or technology.

And don’t forget, security is a state of mind. When you bring it to light it lights you up!