The Transformation of IT Management and Delivery: Part Two
I recently had the pleasure of speaking with Chris Claudio, CEO of Logically and Dan McCormack, CEO of InterMed to IT executives and professionals at the annual MTUG IT Summit and Tradeshow on the topic of ‘The Transformation of IT Management and Delivery.’
In my portion of the presentation, I focused on the cultural transformation of security within organizations. In today’s evolving technology and threatening environment, it is not possible for IT professionals to monitor all their systems for security purposes. The good news is that there are a few things a company can do to manage its cybersecurity effectively.
Before an organization can create a secure environment, it is important to understand basic security facts. Let’s start with a PICNIC - Problem In Chair, Not In Computer. Almost all security issues begin with human error. Security is an Arms Race: No Set and Forget. Technology is always evolving and because of this organizations need to be proactive and continuously monitor and check their networks. Hackers understand that networks are constantly changing and will find a way into your network if it is not complex. Organizations need to be continuously updating their networks to avoid hacker invasions. And finally, Technology is not a Panacea. Stop thinking about firewalls and other technical controls when you hear ‘information security’. They are a mere aid to help your company to achieve its security goal – establishing a culture of security and continuity.
Here are six things to consider that will help you to establish that culture:
- Build and maintain awareness. Oftentimes your people are the main target and the greatest risk to your company security. Address the ‘human factor’ by educating and arming them with the required knowledge to stay secure.
- Lead by example. Everyone in your organization, from the highest level executive to the entry level employees, must be bound by the same security rules.
- Reward and reinforce good behavior. Find creative ways to help your people be secure. Create incentives at your company for employees who do the right thing and go above and beyond in keeping your information safe.
- Write and enforce policies, procedures and processes. In order to have a secure culture at your organization your people should have clear guidance of what is expected of them. You need to develop policies, procedures and processes to provide that guidance.
- Test systems periodically. In order for your company to be secure, your systems must be tested frequently for vulnerabilities – after all that is what hackers do. Also, do not forget to test and validate your backup process often.
- Maintain physical security. It will help secure your information resources and reinforce the right security message to your employees.
Those are just a few things to consider among many more. It is often hard for a smaller company to have the resources necessary to achieve the goals and implement the required controls. If you feel as though your organization is not where it needs to be in order to protect your organization and data, then it’s time to think about getting expert help to get you started on the right track.