‘Going Digital’ has pushed security even further up the agenda for most IT leaders. But rather than worry about the pace at which technology is changing and threats are developing, we should be looking to seize advantage and opportunity. Security is an opportunity to retain and build recognition and trust with our customers.
The headlines that cyber attacks and privacy breaches now grab are useful tools for educating your users. You can use them to help people understand that security is a business and people problem, not a technology one.
Think of security awareness as change management and deal with it accordingly. We would probably put lots of time and money into ensuring a new Finance system is specced, developed, implemented, trained on and supported properly. Security should be no different.
Highlighting the risk is one thing; having a plan is another. A plan to prevent is just as important as a plan to react or respond.
We can put ourselves in a stronger position if we have security front and centre when making changes to existing systems or adopting new ones. For example, if we don't know about the cloud-based system that the Credit Control team is using to manage their workload, then how are we going to protect or control it and the data that resides within? These days it is very hard to stop people from trying out new software without consulting the right people first, and it is here, in the unknown ‘Shadow IT’, that perhaps the greatest risk resides.
Ignorance of a system being used will not protect you if a breach occurs, and will potentially land you with a bigger fine under GDPR because your controls were not strong enough.
In line with prevention, putting in place an Information Security Management System (ISMS) is a great starting point, and you could even take it as far as achieving ISO 27001 if needed. Indeed, many clients and suppliers now expect this ISO to be in place in order to feel confident doing business with you.
However, it is essential that you take the time to think about how an ISMS and a more mature security stance will affect Customers, Sales and Operations. There is no point becoming certified if it means your customer now has a terrible experience as a result of the sales team making promises they can't keep because production now takes twice as long.