1. Make your company look good
Raise the profile of IT security within the company
Some departments within your company will have a higher profile than others. This is often simply because of the nature of the departments' personnel. The sales team is a good example because they tend to be extroverts and geared toward self-promotion. Make sure that the job the IT security department is doing is publicised within the company. This means that simple things, such as new software deployed to make the company safer, or new staff hired with particularly strong backgrounds or poached from ‘big brand companies’, should be publicised in the staff newsletter, round robins and e-mails, and by talking to the big boss when you happen to bump into him.
Make it harder for information to leak out of the company
It was the case until only recently that information within most enterprises was kept within silos. The advantage was that information was on a ‘need-to-know basis’. It became apparent, however, that a drawback was that information was being withheld from other departments that needed it. As a result, silos have dissolved in many organizations and new flat management structures enable information to flow across the entire enterprise.
However, with so much sensitive data accessible to so many people, suddenly you face a greater risk of damaging breaches and are vulnerable to greater data losses when a breach does occur. That's why it's essential to maintain silos for your organization's most sensitive data, yet ensure that you can give access to those who need it.
Keep your company out of the news
It seems like hardly a day goes by without a data breach making the news — be sure that your company is not making the headlines for all the wrong reasons by doing everything within your power to protect your data.
Always remember that proper IT security involves multiple layers of protection. Ensuring that the perimeter is secure is not enough. You will have to make sure that all employees are fully trained and that their managers are not allowing bad practices such as sharing passwords. ‘Super users’ with heightened privileges should be audited and delegated through a privileged identity management system to regulate who can access those powerful logins that grant access to an organization’s most sensitive data.
Make sure your company passes its IT security audit
Senior management may simply assume that the organisation will pass its IT security audits. Failing to do so will take up management’s time in planning remedial action, not to mention untold hours of additional work for IT staff.
Start preparing in advance to make sure that your audit is passed first time, every time, with flying colours. Meanwhile, publish internally the details of all data breaches and gaffes you come across at other organisations in your industry. Never gloat about competitors' missteps, but rather make sure that the staff follow your simple rules and that management knows you're establishing the right processes for the benefit of the organisation. Your validation of continuous compliance can be the IT audit – organised by you!
Make sure the organisation is compliant with all relevant and updated government, federal and international laws
This is becoming more and more important, particularly as organisations such as the European Union Commission plan to hit enterprises that suffer data losses with huge fines. The IT security landscape will soon be one where breaches are not just a PR disaster, but a financial disaster as well. Your job, as well as your promotion, depends upon steering clear of this elephant trap.