Is your business in a period of rapid growth? You may need to reconsider your approach to many things, including your approach to security.
The rule of 3 and 10 was observed by Hiroshi Mikitani (CEO of Rakuten): everything breaks when a company triples in size. That is, when it grows from one to three employees, again at 10 employees, 30 employees, 100 employees…
His theory is that all processes and systems break at these points, and need to be reconsidered. This is whether these are financial arrangements, organisational structures or technological systems, and is because of the complexities of scaling.
Rule of 3 and 10 and your cyber security
As your company grows, your cyber security requirements will change. For example, once you start adding employees, controlling their access to different systems and data will become more complex. When it was just you, you had access to everything. But once you start adding people with particular job functions (HR, say, or IT, or Finance) then you should consider restricting people’s access to systems and data only to what they need.
When it was just you, you knew everything that was happening. But as you grow, you will have to relinquish some control over business activities activities. For instance, you’ll need a process to ensure that your business controls, logs and—importantly—secures new IT-related purchases. This will reduce the risk of shadow IT, but also of failing to change default passwords.
And the more people you employ—and the faster your company is growing—the more difficult it is to retrofit security.
We believe it is important to get security measures in place early, and to reconsider the controls that you have in place regularly. Of course, you should reexamine your security controls regularly whether you are an expanding company or not. But the issues that come with growing a company are significant, and the rule of 3 and 10 is a good reminder of that.
Want some help? Contact us on 0113 633 6230, or by using our form.
