Back in early June there were a few news reports that the annual conference of the highly secretive Bilderberg Group was to take place in Austria.
The event, first held at the Hotel De Bilderberg in the Netherlands in 1954, describes itself as an “annual conference designed to foster dialogue between Europe and North America”.
This conference, attended by high ranking officials from politics, government, finance, business and the media is held under the Chatham House Rule, which states that participants are free to use the information received, but neither the identity, nor the affiliation of the speaker(s), nor of any other participant may be revealed.
Critics claim the Bilderberg it is a front for a shadow world government, but I think it’s just actually an open, free flowing, discussion that is held in private. Why private? Why so secretive? Why the Chatham House Rule? Simple – reputation preservation. Behind these closed doors no matter how high profile or public facing your reputation maybe, you can be assured that ‘Whatever happens at Bilderberg, stays at Bilderberg’
A school, especially an independent school, lives or dies by its reputation. Bad exam results? Your reputation is going to suffer. Has the school received a bad report from Ofsted? Another dent in the reputation. Have you gone into ‘special measures’? That’s tough to come back from. Inappropriate action from a member of staff? You might need to call in the professional reputation builders on this one!
What is going to happen when your school suffers a significant cyber breach? When some nefarious individual breaks into your IT systems and either steals your data or causes disruption. The school will be compelled, by law, to report this matter to the Information Commissioners Office (ICO) and this news will be made public. It is also a schools duty, after suffering a breach, no matter how small, to inform its stakeholders – parents, governors and pupils. If a school gets nervous about the effect poor exam results will have on its reputation then a cyber breach is going to give it a full on panic attack.
Don’t let this happen.
Hold your own internal ‘Bilderberg’ meeting under the Chatham House Rule, to discuss cyber in all its guises. Be open, honest and freewheeling with the conversations. Don’t vilify those whose day-to-day operations may have exposed vulnerabilities and don’t use those who don’t understand cyber as scapegoats.
Ask the IT manager, and his team along. They may already be doing some cyber related actives (under another name) or they may not. IT managers and their team do not want to be chastised for not doing something that they may not be aware that they should be doing (if that makes sense) and in their defence so many IT departments are swamped with just doing the day to day IT activities, HelpDesks, support, new equipment being deployed, basically doing when needs to be done to keep the ‘IT lights on’, that cyber may not have made it to the top of their list.
Individuals professional reputation is also at stake here – nobody wants to be ‘found out’! It takes a brave soul to sit in a meeting of their peers and admit that they don’t know about a topic, i.e. cyber, even if it’s inferred that it’s their responsibility. Senior managers, those whose very duty is to oversee the safe operation of the school may have been complicit in not addressing cyber security earlier. Your IT Director (in many cases it’s actually The Bursar who has ultimate responsibility at the senior management table for IT) may have no clue on the laws surrounding information governance, so talk about it.
A meeting about cyber needs to be honest; very honest; brutally honest. If it helps, pull in an expert or a consultant, somebody to help facilitate the conversation and to compile notes into some semblance of order. Admit where you have the skills to address your cyber risk and also admit where you don’t. Have you got somebody on staff that can write all the new polices, procedures and processes? Have you got somebody on staff that can roll these out to all the members of staff at the start of the Autumn term? Allocate the correct amount of time for an initial meeting – say half a day, with regular breaks, to get you off the ground.
Get all your senior people in one place and ‘be like Bilderberg’, all under Chatham House Rule. State that your reputation is at stake here and develop the cyber plan to do what needs to be done to preserve it. How long has it taken to develop that reputation? One cyber breach can destroy all that good work in an instant. Have that meeting now, behind closed doors, before the term comes to an end.
Or perhaps don’t have that meeting. Why? Well you can wait and have a meeting at the start of the Autumn term asking how you can restore your reputation that has been destroyed by a cyber breach over the summer holiday! That meeting would (sadly) have to take place in public.