Dream for a minute – with a limitless security budget you can:
- Purchase the best firewall, intrusion detection, and intrusion prevention money can buy.
- Set policies that include automatically wiping lost mobile devices, mandatory monthly strong password changes, automated network lockout after multiple failed login attempts, and card-only access control at every door.
- Conduct employee security education classes regularly, send harmless phishing emails to test them, and ask them to note and report any suspected policy gaps.
- Be completely compliant with, and even exceed, all security and privacy regulations.
And yet you’ll remain vulnerable, because technology and training only go so far. Besides, nobody has a limitless budget, so let’s return to reality.
Like many challenges, by working backward from your desired outcome, you can find a solution – even within a limited budget.
Q: What are the bad guys after?
A: Data, both yours and that with which you’ve been entrusted.
Bad guys seek intellectual property, personally identifiable information, or merely your login name and password to a customer’s or supplier’s network.
So why worry about protecting devices when the important thing to protect is data?
The many factors of a data breach make the cost difficult to calculate. In addition to the obvious remediation and notification costs, and possible legal penalties, how much do you add for reputation damage?
“For companies, online security is all about trust,” said Marx Acosta-Rubio, CEO of Onestop. “Customers want an easy, secure transaction, and they will settle for nothing less.”
Create a data security strategy and architecture to safeguard data. Decide what data are critical to the life of your business, and allocate your budget accordingly. Then develop an incident response plan.
Because everybody’s defences are being probed – from the one-page business card websites to global networks. Right now a professional a continent away may be probing your perimeter and tempting your employees with tantalizing emails. Or a seemingly innocent contractor may have propped the backstairs door open for 20 minutes while loading.
And if you don’t have protection and a plan, you won’t know where to focus your limited resources.
“There is no greater value you can give a customer than protecting their data,” said Onestop’s Acosta-Rubio. “Any company which cannot do that with 100% accuracy will not survive in the marketplace in the next five years.”