It’s easy to understand why businesses are increasing their security budgets after a year like 2017. We’ve seen an unprecedented level of cyber crime, from Equifax to WannaCry. While the cyber crime stories made the headlines, there were no doubt even more losses that occurred as a result of simple human error, many of which were never reported. Many companies that experience these breaches and losses don’t alter their policies after the event. They double down, inflating budgets assuming the process is right but there isn’t proper funding. But, are these companies feeding a machine that doesn’t work properly in the first place? Probably.
Here are the top 3 perils that businesses face when it comes to data security:
- Inconsistent Enforcement of Security Policies
Your security policies are worthless if they exist only as ideals on paper. They need to be clearly communicated, publicly enforced, and regularly audited. Your number one weakness when it comes to security is your people. Whether intentional or negligent, the damage is the same. Your C-Suite needs as much training as your new hires. Since the threats are constantly changing, your policies and subsequent training need to be constantly changing as well. This requires more than a one-time session during onboarding. Read our post, Is Your Staff a Threat to Your Network Security, for tips on how to address this weakness. - Unwillingness to Change Tact After a Loss
In the wake of a breach or data event, it is critical that you re-examine how that event occurred. It may be easy to assign blame to a single actor, a hacker or a careless employee, but they don’t often create the trap door that steals your data, they just fall through it. You may need to reevaluate and adapt your training. You may need to install new technology in response to a more modern style of threat. Regardless, you need to view it as an ongoing point of weakness, not an isolated event. - Negligence in Applying Basic Security Applications
Full disk encryption on mobile endpoints, restricting administrative rights, password management, advanced logging of authenticated users all fall in this group. These are basic tenants of security that represent your foundation. If your foundation is weak, we can’t hold out hope for all that sits atop it. BYOD work places, while creating gains in productivity and employee satisfaction, can create gaping holes in your defenses. (For ideas on securing your BYOD work place, read our post here)
There is a great amount of competitive power to be gained by applying the many new technologies and applications, like cloud computing, hosted phone, and SaaS, but with great power… comes great responsibility. It is your responsibility to ensure your organization has current, active, and effective safeguards in place to protect your data. You need to be willing to put these safeguards to the test consistently and abandon them when they prove ineffective.
Corporate Technologies Group understands the demands of today’s communication environment and the pitfalls that security weaknesses can create. We have the expertise to examine your current infrastructure, assess your future goals, and develop a communications technology strategy that will ensure you have the strongest security foundation possible. Contact us today to see how we can help you.