Cybersecurity, computer security, network security, mobile security, cloud security, data security. Let’s face it: Security is on the minds of all IT professionals. This past month, the U.S. government launched the “30-Day Cybersecurity Sprint,” designed to bring awareness to security needs and beef up government cybersecurity protocols.
Let’s look at each area of security and review some best practices and ideas by influencers in the Dell Insight Partners program.
The cybersecurity team
Cybersecurity is a team sport. Every member of an organization needs to do his or her part in order to keep the organization secure. The chief information security officer (CISO) plays the coach, ensuring that each team member is poised for success.
“…(A) good CISO must also be a collaborative and communicative teacher across his or her organization. Is it me or do these traits describe a team leader or coach?” – Kevin L. Jackson
The team needs to understand that an entry point for a hacker can be created by individual actions, like opening the wrong email or not following password protocols. It is also important to keep anti-malware Internet security updated and to educate your team on the latest social engineering-related attacks.
Your organization’s network is your first line of defense, but without proper protocols, you can be vulnerable to viruses and breaches that attack computers within your system. Many small to midsize businesses (SMBs) and startups often don’t have the budget for extensive chain management.
Insight Partner Darryl MacLeod says, “Startups need to create an environment where employees are motivated to identify security incidents and report them without worrying about any repercussions.”
MacLeod suggests implementing risk analysis frameworks such as Open FAIR. The quickest way to reduce an attack surface is to close unneeded services and protocols.
Cloud technology offers organizations easy-to-access data and services without worrying about storage space. But it also comes with security risks. Insight Partner Shelly Kramer outlined steps IT teams can take to help their clients be more secure:
- Implementing a single sign-on (SSO)
- Using API authentication mechanisms
- Having an identity solution for your management tools
- Enhancing the security of a multi-user account
No organization wants to learn there has been a data security breach. But data breaches are a common security threat in today’s landscape.
“If a data breach does occur: Swift, straightforward, and up-front communication is imperative in order to guard against reputation and credibility damages.” – Bev Robb
In response to the current landscape, Insight Partners Bev Robb and Eric Vanderburg strongly encourage IT departments to have a solid incident response plan, which includes a communication plan on who to contact within the organization, and who would handle external responses.
“The incident response plan is an organizational document much like other policies and procedures so it should ultimately go through review from senior management and reside within the organization.” – Eric Vanderburg
Information security and privacy risk concerns increase with the ever-evolving Internet of Things (IoT), as Insight Partner Rebecca Herold outlines. IT departments need to establish policies around access to networks and data.
We live in a mobile world. It is no longer a choice to go mobile; it is a reality. Many organizations have a bring your own device (BYOD) policy, which can increase security threats exponentially.
“The biggest questions that CIOs and business leaders need to ask themselves are: What are the security gaps in their mobile strategies, and how can they fill those gaps?” – Daniel Newman
IT departments should consider moving from thinking about devices to thinking about apps, software and networks, and locking down unmanaged services and third-party apps. To help improve adoption of approved apps, organizations should consider employee education and incentives.
Live and learn
Education needs to go beyond the IT team. Employees need to understand best practices and protocols to avoid security breaches.
Is education an important piece of your company’s IT security? What is your team doing to review your security needs? Have you evaluated your system controls?
As Newman says, “Change is the only constant in the world of digital security.” That means neither IT teams nor employees can rely on outdated processes to maintain data security. Developing and refining protocols, whether it’s implementing a single sign-on (SSO), performing routine risk assessments, or devising incident response procedures, builds awareness that information security is everyone’s responsibility.