Categories: Articles

What Should Be Secured?

What Should Be Secured?

I recently attended an IT security conference in Chicago and the keynote speaker’s address reminded me that IT people and business owners often have different views on what are your company’s assets and what constitutes adequate security. Dave Stelzl, author of The House & the Cloud, simplified the security model for business by comparing a business’s security to a home. We “Protect” our home with doors, windows, locks, and fences. However, we all know that these security measures do little to stop a determined or skilled burglar. The next ingredient is the ability to “Detect” a security breach. In a home we put in alarm systems, motion detectors, subscribe to monitoring services and support neighborhood crime watch groups. Finally, the most important provision of the security model is the “Response.” We have a dog that will bite the thief, some people will have a gun ready for intruders, others rely on the police to respond and others purchase insurance to replace lost items and repair any damage.

Using the house as your business scenario you must ask three questions.

1. What are you trying to protect?
2. What are the relevant threats you face?
3. How comfortable are you with your organizations ability to detect and to respond to a security situation?

Your IT Department may do a great job of “Protecting” the physical assets of your company and your network. However, threats today are more likely to target the real assets of your business, the identity information you have collected on your employees, customers, and clients, intellectual assets you may possess, or links to outside assets – bank accounts or credit card information. NBC recently ran a news series and showed that a single personal identity with credit card information could be sold via the internet for $5. TJ Maxx, the retailer, reported a breach of over 40 million credit card accounts. Multiply that number by $5 and do the math. Identity theft is big business.

Who or what is at risk when your company is exposed to an identity theft? The business itself, its owners, and principals are all at risk. Even if the depth of the TJ Maxx exposure is not as great as reported, can your company survive the bad press generated, even if a retraction follows?

No one can guarantee 100% security. A firewall alone is no longer adequate protection. Unified Threat Management Devices (UTM) are now common and should be the basis for security protection. Written company policies regarding the internet, email, and the use of company information should be implemented and reinforced to every employee. Threats are not just external. Disgruntled employees and other internal attacks still account for a majority of the IT security incidents.

So when you take a close look at your company and its valuable assets ask the three questions above and see if you can live with your answers

EMT

Recent Posts

The Executive’s Guide to Security Operations Center Models

Cyber threats never take a day off, never clock out and go home at the…

2 days ago

Introduction to Azure Services

Building, deploying, and managing applications via Microsoft's global network of data centers is easier with…

2 days ago

Introduction to Microsoft Copilot

Microsoft Copilot is a tool, powered by AI, that aims to boost your productivity within…

3 days ago

Project Management: Why is it important?

Making things happen is the art and science of project management. The process involves managing…

1 week ago

Enhancing Website Performance and User Experience Through Caching Strategies

In today's fast digital life, website performance is important, as it holds visitors and ensures…

1 week ago

Protecting Municipal Data: Security Tips for City Officials

The FBI reported that cyber attacks against government facilities saw an increase of almost 36…

1 week ago