Article Contribution
Considering the modern threat landscape, it is no wonder that leaders who were recently surveyed lack confidence in their company’s security posture. Despite increased spending on security initiatives, leaders surveyed are still facing a lack of trained staff and are struggling to keep up with an increasingly distributed workforce. The pandemic has added new challenges as managers struggle to keep initiatives on track and ensure that security is integrated across all phases of projects. With the use of cloud-based IT systems increasing and employees using multiple devices to access their data, information exists everywhere, and securing it is a constant struggle.
Education and training of employees is more critical than ever. After all, security is only as strong as the weakest link in the chain. The bad actors out there are crafty, and if people are not informed and diligent, a single malicious email can take down an entire organization. It’s imperative that employees remain constantly aware of the threats that exist and know whom to contact to report suspicious activity. Data and security breaches can come not only from outside the organization but also from inside. Indicators of insider threats often go unreported because people feel uncomfortable reporting a coworker, even though that person’s behavior may clearly be raising red flags.
As the COVID-19 pandemic lingers on, organizations should step back and assess their security policies and procedures to plan for both the near and long term. Here are some immediate actions leaders can take to help close any gaps and integrate security across an entire organization.
Conduct an internal and external audit of security policies and procedures.
While this may seem like a basic task, many organizations fail to regularly assess their security protocols. And even if they do, they often give the task to people who are not well equipped to handle this type of project. A self-inspection is always a good idea, but be sure to approach this task as if you are an outside auditor. Too often, an internal assessment will turn up very little because those conducting it are also responsible for implementing security; they fear negative results may impact perceptions of how well they are doing their jobs. An external audit has a cost, but that cost may be well worth it if it helps strengthen security and prevents even a single exploit.
Put together a monthly security awareness brief for employees.
Keep security top of mind by consistently reminding the entire organization that we all play a part in security. In today’s environment, companies must be hyper-aware and diligent to avoid making themselves vulnerable to attacks from both outside and within their organization. It helps to use examples of real-world events in your briefs to keep them topical and remind people that security is everyone’s responsibility.
Stay up to date on security regulations to maintain compliance.
Many industries have security requirements that must be met to maintain compliance. For instance, if you do business with the federal government you may have to meet requirements around storage of government data. Be sure to regularly review the changing requirements that apply to your organization. It may be helpful to locate and join an industry security group to form a network of other professionals who are facing similar challenges.
Good security incorporates multiple layers of protection. Security leaders are certainly feeling pressure to keep up with the challenges they face. It’s imperative that security professionals remain diligent about self-inspections, the education of all employees in the organization, and keeping pace with a rapidly changing regulatory and threat landscape. These actions are critical to prevent security exploits.
David Touchton is the President of FSO Services, LLC, and he may be reached at david_t@fso-services.com.
Jeremy Good is the Chief Information Officer at Carley Corporation.