
June 7, 2019 10 Things

10 Things I Know About ... Staying secure

 

10) Establish a risk baseline. What level of digital risk are you willing to tolerate? Know what key risks will damage your business, then address them based on the threat level each one poses. Take a triage approach.

Michelle Drolet

9) Capture a complete picture of your network. The number of exploitable endpoints (laptops, printers, phones, etc.) is growing. Take full inventory of devices on your network, especially unmanaged ones.

8) Install a user awareness program. People are the weakest link in your company’s data security. Train your staff to spot security risks and teach them how best to respond. After training employees on security pitfalls, test to ensure your program is working.

7) Assess and patch vulnerabilities. It’s critically important to say yes to all requested software updates since these will fix known weaknesses and bugs. Consider employing a tool to flag existing vulnerabilities.

6) Deploy real-time automated protection. Real-time tools can scan for issues and resolve them automatically. There’s often a time lag between a security alert and its fix; new tools exist to automate fixes, filter and prioritize.

5) Craft an incident response plan. Limit damage to your business by having a response plan that makes role assumptions clear. Follow a step-by-step playbook. Stage a mock attack to practice your plan. These exercises look good in front of regulators.

4) Get comfortable with your security software. Ask yourself if you are extracting the most value from your existing investment. Sometimes a tweak or reconfiguration will improve usage and utility with little effort and cost.

3) Include security in meetings. Your head of data security should never be left in the dark in matters pertaining to new projects, tech purchases or new applications of existing technology.

2) Don’t forget third-party risk. Know which partners/vendors have access to your data and hold them accountable to the same high standards you practice. Test their own security procedures – don’t take their word for it.

1) Be vigilant. Data security is an ongoing process requiring constant attention. Your strategy should continually evolve for best results. Don’t hesitate to consult outside expertise. Responsibility should never fall to one person; it must be ingrained in all people and processes. The risk of a data breach never sleeps and can prove disastrous for any business.

Michelle Drolet is CEO of Towerwall, a Framingham data security services provider. You may reach her at michelled@towerwall.com.
