Generally speaking, whenever you buy something, whatever the item may be, you have a reasonable expectation that it will be as described and function in the manner you expect. In other words, when you purchase something you simply expect it to work.
And for the most part that is how the world works. You buy an item and get what you expected. If not, you typically have certain rights which will allow you to get a replacement item or your money back.
But sometimes you will buy something where you know in advance that it won’t work 100% of the time but will work some of the time.
What am I talking about?
The world of computer security of course.
That is because when it comes to the world of security, be that computers, networks or information, there is no such thing as a one hundred percent guarantee. If anyone tells you that their product or service is totally secure then you may want to take their words with a pinch of salt.
That’s not to say that you shouldn’t bother with security at all though. If you stay up to date with the news then I’m sure that you are all too well aware that the number of security incidents involving businesses of varying sizes is on the up. You just need to remember that whatever security products you buy, or whatever services you take advantage of, they are there only to mitigate the risks that your business faces, not to eliminate them altogether.
The threat landscape changes all the time so, whilst it is advisable to install antivirus software, or introduce an IDS, you cannot expect that spending money once and then moving on is the solution for your long-term security needs.
New threats appear each and every day and some of those are specifically designed to get around intrusion detection systems.
That is why more is needed.
In the world of security, a world in which the good guys can only react to what the bad guys do, you need to be on the defense all of the time. Buying some software is better than nothing but that cannot be your entire strategy.
What’s more, some of the security risks will come from within rather than from outside of your company. We humans can often be the weakest link and that certainly includes your employees, who may introduce risk through bad behaviour, lack of knowledge or malicious intent.
Even if you have set up technical systems to lessen the chances of being attacked there is still every chance that a member of staff will kibosh everything by bringing an infected USB stick to work or by surfing to a website they really shouldn’t visit. Or they may add their own unprotected smartphone or other device to the network. Or they may introduce any of a myriad of other potential security risks that neither you nor anyone else can predict.
So what can you do to protect your company?
Whilst there are no guarantees, you certainly can look at software solutions as a starting point towards achieving your required information security standard. But you shouldn’t stop there. It may be worthwhile employing someone (or many people depending upon the size of your business) to oversee your security function. If you are a smaller business then even starting off small with a consultant and an audit of your procedures will be a good start.
Lastly, and perhaps most importantly, you will want to educate everyone who works for you. Training your employees to work in a secure manner is becoming increasingly important and sets some foundations on which you can produce some written security policies under which you can reasonably expect them to work.
So, whilst security isn’t guaranteed, you can see that there is much that you can do to lessen the chances of your business being the next one to make the headlines after a cyber attack.