A strong security programme can provide a myriad of benefits across your organisation, writes Chris Pogue, Chief Information Security Officer, Nuix.
These include more streamlined operations, an increase in customer and public trust and the identification and mitigation of avoidable risk. These benefits promote innovation and growth, and contribute to a reduction of costs by minimising the potential for lost opportunities. Business leaders should recognise these benefits as key business values. If a security programme keeps senior stakeholders in mind, it will ensure the resulting systems are connected to the overall business and not purely a function of information technology. Your organisation should keep these four tips in mind when planning its security strategy:
1.Prioritise your efforts – Part of being a strong business leader is being realistic about your security efforts. Attempting to secure everything and anything is just not feasible or required. There is no need to secure an email about ’Friday evening drinks’. Customers’ payment details on the other hand, are one of the protected data elements that should be high on the priority list.
When looking to secure valuable information, the first step is to determine which data is critical to the business and therefore worth giving the highest protection, bearing in mind that not all data is created equally. Once you define WHAT that data is, the next challenge is finding out WHERE it resides, including emails, development servers, file shares and employees’ computers.
2.Maintain an intelligent presence – The increasingly virulent threat landscape has resulted in a number of new applications aimed at helping organisations monitor for potential breaches. These apps are evolving to keep pace with more advanced attacks – they are moving beyond simple observation to become smarter systems that embed best practices and the experience of proven experts into the tools’ workflows. These new monitoring technologies can provide analyst-level insights as well as reports for business leaders to make informed decisions.
3.Secure at the source – All security that operates on a level higher than the kernel exists on the assumption that it is secure. If this is not the case, the entire system runs the risk of potential compromise. If you are unable trust the kernel, nothing else can be trusted. Therefore, implementing adaptive security technology providing complete visibility at the core, is critical for all organisations.
4.A Culture of Security – To achieve real business success through a strong security programme, you need to incorporate security into every business function and decision moving forward – the physical buildings, systems you use, and the employee training you provide. Every aspect of your organisation should recognise the need for increased security protocols in today’s environment, where attacks are not a matter of “if” but “when”. Assume you are operating in hostile territory, and plan accordingly.
Establishing a company culture that prioritises security provides business benefits. It also encourages a heightened level of awareness in decision making processes that allow for healthy debates about company values, specifically as they pertain to the question of how your organisation will respond when (not if) breached. Employees across the business will be able to recognise which data and business processes require greater scrutiny and therefore manage those expectations from the beginning, rather than trying to figure it out after an attack.
Public scrutiny around organisations’ security practices is at an all-time high and almost daily breaches do nothing to quell concerns. To stay competitive in the marketplace, your organisation should implement a proactive, strong, defence in depth approach to their security systems. This requires technologies which relay universal transparency across all of the data you store, process or transmit. Additionally, employees should receive regular, purposeful security training to ensure they implement all aspects of security into their work practices. From here, you will be able to make informed security decisions driven by business values, ensuring you mitigate risk and strive to achieve the best outcomes for your organisation.
