I’m sure it’s still a thing for students today, but one of the phrases that always caused a groan in any class that involved solving equations was, “Make sure you show your work.” Whether it was pre-Algebra or Advanced Calculus, the only way you could prove that you actually understood the topic well enough to solve the problem was for you to write out each step of the solution. We had graphing calculators when I was going through high school, but even if we were allowed to use them during tests, more often than not there was going to be at least one instance where the calculator was only there to confirm the answer we arrived at after lines and lines of chicken scratch and piles of eraser crumbs.
There’s a point to this nostalgic indulgence
If you are a business owner or part of the executive team, you will likely be familiar with the technology security questionnaires that accompany your organization insurance renewals. Up until perhaps 2023, checking “yes” boxes on the questions or tossing in vague answers were typically enough to get you through the approval or renewal process, and I’m fairly certain that the application reviewers were just as cross-eyed as you were when filling them out. I’m (not really) sorry to say this “relaxed” approach to evaluating your security standards are in the rear-view mirror for everyone, regardless of the industry you are in or the size of your organization. Insurance carriers are reading your responses and are not taking “N/A” or “No” as an answer when asking if you have various security safeguards in place. At best, you may be encouraged by your insurance agent to, “Reconsider some of your responses,” and at worst it may lead to an outright denial of coverage and a mad scramble to find another carrier for your insurance needs. The insurance industry is already taking a beating on natural disaster claims (something not likely to abate given the world’s general dismissal of climate change), so they are definitely not going to be generous with the next most popular claim: cyberattacks. Don’t given them any excuse to deny a cyber liability claim by just checking a box. Show your work by actually implementing the security standards they are asking about, and if you don’t know where to start, get a professional like C2 on the job as soon as possible.
