In today’s business world, it’s hard. We need to keep our business earning money, keep our clients happy by providing great products or services and we need to ensure that we are keeping ahead of the constant cyber threats to our business and our staff. We need to wear several hats all at the same time, whether you are a small business or a large enterprise it’s just as important.
That’s heavy right.
As business owners and managers, you need to know not just what your business does, what your clients need but you need to know what systems and devices you have. You need to understand the risks involved with every decision you make on whether staff can use their own devices or are only company-supplied allowed.
You need to understand what you have, where they are and what risk they pose. There is a saying in the security industry “A malicious actor only needs to find one thing to get into your systems, defenders need to get a million things right to stop them from getting in”. So, the odds are clearly stacked against us as businesses and defenders of systems.
What can we do though with such mounting threats against us?
The answer is simple really, something that most people overlook. We need to get the basics right. That’s right we need to stop overthinking, stop buying all of these flashy blinky light solutions that will not help keep our systems secure. Don’t get me wrong, some of these solutions are very impressive, the problem is twofold. Firstly, most organisations don’t actually ever get them set up in a capacity where they will do what they are supposed to do, as they don’t have staff or skills to use them properly.
The second is even if they do get the amazing flashy solution implemented correctly, they have completely left the back door open for the malicious actors as they haven’t done any of the basic security practices that are actually more important than that fancy new solution.
What am I recommending? Let’s break it down.
Firstly, you should align your organization with a security framework like ISO27001. Use this compliance framework to help your organisation implement solid best practices by knowing what assets you have, creating and utilising policies to help staff know the best practices and what is allowed as far as behaviour goes within your organisation.
Compliance is not a silver bullet, you need to understand that there is no silver bullet that will help keep your organisation secure and safe from online threats completely but we all need to start somewhere. Aiming towards compliance and ensuring that your organisation implements and gives real focus towards getting the basics right.
Hardening of systems, doing updates, having tested backups and ensuring that adequate policies and procedures are in place will make so much difference in keeping not only your data but your client’s data safe. That is a true win-win situation. Yes, compliance is not a sexy thing to do, it’s not always fun just like doing all of these basics but I will guarantee you something here.
Organisations that spend the time to get these right will be far more secure than the one who throws money at a problem and get themselves some flashy expensive solution that will not keep them safe. Guaranteed it hurt the cash flow but that’s the only guarantee they will have.