Today’s best run companies are moving away from their “no” and “slow” policies on security, and are making better managed, more enhanced business decisions that support their efforts both in the present and in the near future. Security doesn’t have to be difficult, but it does take the mindset and the aptitude to learn to run it like a business, no matter how large or small your operation is.
Excuse #1 Security is a plug and play system
Every business, no matter how big or small, has a variety of risks associated with doing business.
Your data may be at risk when an employee surfs the Internet, visiting sites that allow viruses and other harmful programs to have instant access to computers.
Your client files may be at risk if they are not properly guarded.
Your documents and archives may be at risk if they are opened and used on unsecured programs and devices.
And that’s just the beginning.
Yet many businesses approach data security in a plug and play way. They purchase one off-the-shelf system and expect it to work for everything. They piece together a few inexpensive modules and expect it to offer full coverage.
Yet to be fully covered, you have to start by looking at where all of your risks exist, and choose programs and devices that leave you fully covered, internally and externally.
Excuse #2 Current security practices have worked well in the past
Most businesses have a hard time keeping up with the ever-changing world of security. Security challenges typically fall into three categories:
- Complex, individualized threats
- Increased regulatory pressures
- Protection from ever-changing technology (mobile, social, cloud, etc)
Yet because each of these threats can change every day, it’s difficult for most businesses to develop strong policies to compensate the risk. IT departments must deal with legacy systems, perform with lower budgets and smaller talent pools. There also tends to be a lack of visibility throughout the company, understanding what information is truly critical, its worth, and having different levels of management understand the difference.
As a result, many companies exist in reactionary mode, choosing new technology based on “coolness” rather than how it fits into the overall system.
Excuse #3 Security is one small department within the business
Especially for upper management, it’s easy to push aside security risks and allow the IT department to handle all aspects. IT security is often thought of as a black hole division – upper management may not truly understand the risks, and it’s even more difficult to demonstrate cost justifications for new and upgraded features.
Senior executives must be involved in the decision making process of choosing security systems to take full responsibility for the risks of the business. We recommend a systematic approach from beginning to end, from the collection of data, to performance, to analyzation. This should cover all aspects of the enterprise, including financial impact, vulnerabilities, asset management, incident and threat reporting, and full compliance information.
Reducing your security risk doesn’t have to be difficult, but it does take a well thought out plan. No matter how long your security plan has been on the back-burner, there’s no better time than today to change and bring it to the forefront of conversation.
