BreachExchange mailing list archives
IT’s adult day care dilemma
From: Destry Winant <destry () riskbasedsecurity com>
Date: Tue, 8 May 2018 18:38:49 -0500
https://it.toolbox.com/blogs/kevinbeaver/its-adult-day-care-dilemma-050718

You may not have ever thought of it this way but your role in IT is not unlike managing an adult day care. Your network users can be your worst enemy, especially when it comes to security. It’s merely a matter of time before someone makes an unwise decision to place sensitive information at risk or otherwise impact your network. Curious, malicious or otherwise careless users can create all sorts of information security-related issues in your business including:

· Malware infections that can install keylogging software, or worse, ransomware on your computers or allow your systems to be accessed and controlled by outsiders looking to attack others
· Exposed intellectual property which can negate the time, money and effort you’ve put into the legal side of protecting your business assets
· Compromised personally-identifiable information that can lead to compliance violations and subsequent legal problems
· Accessing illicit web sites that can create HR-related challenges such as sexual harassment that you might not be ready to take on

Your entire computer environment is literally one click or one careless choice away from compromise. It’s not unlike managing an adult day care and I don’t envy you for it, whatsoever! Still you can’t write this off as management’s problem. Or simply an unsolvable IT problem. It’s not. It’s a fundamental business challenge that needs to be addressed at levels above which it’s created.

One of the most dangerous things in doing business today is when executives pretend that IT-related issues don’t affect their business. They do. They affect every business. Information risks can be tied directly to your business’ bottom line. Blindly trusting employees and assuming that you have nothing of value on your network that the bad guys would want is not enough.

Even if overseeing all of this proves too much for yourself or others in your business, it still must be addressed. Here are four steps you can get started with, right now, to keep your computer systems in check:

1. Determine what information is where. Critical systems and sensitive information are everywhere across your network including on mobile devices and out in the cloud.
2. Understand how unprotected systems and information and your employees’ choices are putting your business at risk.
3. Do something to minimize your risks with technology, like documented policies and employee training that underscores why sensitive information needs to be protected along with technical controls to keep it all in check.
4. Continually test your systems for new or previously-undiscovered weaknesses. Refine and repeat this process over time.

Know that your network is as simple now as it’ll ever be. As your business grows, IT and security are only going to become more complex. Network complexity breeds more uncertainty which translates into unnecessary risks you don’t need to have. And you may not be prepared to take them on.

Make the decision today to set your users and your business up for success by giving security the attention it deserves. Set the expectations of your users. Tell them and show them how bad security choices impact the business. Better yet, vow to do what it takes to remove the power away from your users when it comes to making security decisions. Too many people can and will make their own security choices if they’re allowed to. You need to be the one in control, not them.