Partner with us for reliable IT support. Contact us now and find out how we can streamline your IT needs!
It seems these days that at every turn, we’re reminded that cybersecurity needs to be front of mind. Whether it’s in our private or our working lives, not to mention the increasingly large grey area in between, security is everywhere.
At least, it should be…
There’s very little these days that doesn’t involve an exchange of information, and that information is valuable and worth protecting. We need to be making sure that the right information is used by the right people, at the right time. Otherwise – touch wood – it can cause significant disruption and potentially great harm. This goes for everything from our banking details and credentials to our social media and content streaming passwords. Even our very phone numbers.
Now, we’re not going to dwell on personal security too much in this series of articles, but arguably, the change to more flexible working locations and models for many people has brought us to a point where the lines between work and “not work” is very hard to distinguish. And as we move seamlessly between work activities and personal ones, we’re less likely to switch our behaviour from one mode to another. In this blended mode, it’s more likely that we slip, and make a mistake that can have unforeseen consequences. Most of these consequences will usually lie with the business in the form of financial impact and brand confidence, meaning that the burden of preventing the breach in the first place through supporting its people lies with the organisation.
Many security commentators say (and I agree) that good security comes about by addressing a combination of three fundamentals:
When looking at where to start and how to design the right security program, the most important consideration is the overall business need. A consultative approach is required, as working in isolation from the business will likely lead to an ill-fitting solution.
Ultimately, it’s the business strategy and objectives which define its Process, and in turn, give rise to the requirements of People and Technology. At this point, as we review how those People and Technology interact – we start to see information and data being generated. Risks emerge as to where the information is stored, how it’s accessed, used, and transmitted from system to system, and place to place. These risks are collated and ranked, with decisions made as to how each should be addressed. This risk matrix will likely form the basis for developing an information security and cybersecurity program.
Let’s look at each of these elements:
We’ll talk further about Brennan’s approach to People and Identity in my next blog.
Industry experts suggest that up to 85% of breaches involve a human element. Therefore, if we’re looking at addressing the biggest risk area first – this seems like the obvious starting point.
For organisations that are considering how to evolve their security strategy so it better supports their business, people, and customers, partnering with a third-party security specialist can be invaluable. Most providers will begin with an audit to review the above in concert and in isolation, taking into account the specific requirements an organisation has along with the environment it operates within – be it mandatory through legislation or standards compliance, industry best-practice, and alignment, or a general desire to improve its cybersecurity posture, making sure that only the right people have access to the right data, at the right time.
Partner with us for reliable IT support. Contact us now and find out how we can streamline your IT needs!