1. Make your company look good
Raise the profile of IT security within the company
Some departments within your company will have a higher profile than others. This is often just because of the nature of the departments' personnel. The sales team is a good example because they tend to be extroverts and geared towards self-promotion. Make sure that the job the IT security department is doing is publicised within the company. This means that simple things, such as new software that has been deployed to make the company safer, or new staff who have particularly good backgrounds or who have been poached from ‘big brand companies’, should be publicised in the staff newsletter, round robins and e-mails, and by talking to the big boss when you happen to bump into him.
Make it harder for information to leak out of the company
Until only recently, information within most enterprises was kept in silos. The advantage was that information was shared on a ‘need-to-know basis’. It became apparent, however, that a drawback was that information was being withheld from other departments that needed it. As a result, silos have dissolved in many organizations and new flat management structures enable information to flow across the entire enterprise.
However, with so much sensitive data accessible to so many people, suddenly you face a greater risk of damaging breaches and are vulnerable to greater data losses when a breach does occur. That's why it's essential to maintain silos for your organization's most sensitive data, yet ensure that you can give access to those who need it.
Keep your company out of the news
It seems like hardly a day goes by without a data breach making the news — be sure that your company is not making the headlines for all the wrong reasons by doing everything within your power to protect your data.
Always remember that proper IT security involves multiple layers of protection. Ensuring that the perimeter is secure is not enough. You will have to make sure that all employees are fully trained and that their managers are not allowing bad practices such as sharing passwords. ‘Super user’ accounts with heightened privileges should be audited, and access to them should be delegated through a privileged identity management system that regulates who can use those powerful logins, which grant access to an organization’s most sensitive data.
Make sure your company passes its IT security audit
Senior management may simply assume that the organisation will pass its IT security audits. Failing an audit will take up management’s time in planning remedial action, not to mention untold hours of additional work for IT staff.