Out-Running Your Friend: Five Basics of Cyber Security
As a part of Winxnet’s ongoing Technology Series at the Portland Regional Chamber of Commerce, I recently had the pleasure of speaking to a motivated group of business leaders about “Building a Culture of Security in your Organization”. Here are some thoughts from that presentation.
Traditionally, information security has meant “no”—it’s about things you cannot do in order to keep your customers’ data safe. While the safest computer is one that is turned off and unplugged, it is also the most useless one. With a bit of time and effort (elbow grease and/or money), IT security will be more about finding creative ways of saying “yes”. Security by definition is a hassle—password changes, firewalls, policies and procedures—all have the perception of making your work more difficult and cumbersome. Our job is to help you define a path for your organization to make IT security into a business enabler.
Here are five things to help you get there.
1. No need to outrun the bear. Just run faster than your friend. Your goal is not being 100% secure (which is statistically impossible). Your goal is to have enough controls in place to make it not cost-effective for the bad guys to go after you. Make sure you are not the low-hanging fruit, and they will most likely focus their efforts on someone else.
2. It is a PICNIC. That stands for Problem In Chair, Not In Computer. Computers do not make mistakes, people do. The majority of recent compromises started with a human error. Educating your staff and building a “human firewall” should be high on your priority list and it will pay off.
3. There is no such thing as “Set it and Forget it”, no such luck. With the ever-evolving threat landscape, information security is something that your organization should deal with regularly: enumerating threats, evaluating risks and improving defenses.
4. Technology is a tool, not a panacea. While it alone will not solve your IT security problems, it should be something you use to help your people do their job securely. Properly deployed tools can make some tasks a lot less risky.
5. Outsourcing can be good for you. Not many organizations are large enough to have people dedicated to IT security. This field also requires a fairly specific skillset and knowledge, and can be rather expensive. As more companies offer managed security services, the idea of ‘renting’ some expertise for your organization may be a cost-effective one.
In addition to having an information security professional help you with realistic policies and procedures as well as the newest trends, a solid IT infrastructure and partner are paramount to your IT security success. Be confident that your current IT management provider has the tools or expertise necessary to keep you up and running, at least faster than your friends.