Build Your Security Infrastructure on Trust – and a Couple Other Things
If the Solar Winds disaster hasn’t put you in a mood to review your data security infrastructure, maybe nothing will, but here’s an additional thought or two.
As we mentioned in a previous post, there is absolutely no shame in doing what you had to do to keep your business running amid the unprecedented upheaval of 2020. We commend you. At the same time, despite the news about Microsoft and major government entities, small to mid-size businesses generally make up the overwhelming majority of data breach victims.
With that in mind, it’s time to do a thorough review of any new systems you recently put in place – including the ones you don’t know are there.
Data Security and Trust
What does trust have to do with data security? Let’s assume you hire great people and partners. To a one, they stepped up to meet the unprecedented demands of shifting your business to a work from home model. They delivered projects on time and under budget.
Is it possible that in doing so, one team or another threw some files into Dropbox, for example, so they could share information with teammates when there was, for 24 or 48 or 72 hours, no other option?
This is the kind of activity you want to know about now. This is also where company culture comes in. It’s crucial that you maintain a culture of trust, not just accountability, which implies that employees must be prepared to fall on their swords when things go wrong.
mac-tech firmly believes in rewarding honesty with gratitude and respect. Ask employees to share any steps they took, like the Dropbox example, with your IT staff, and consult with them on any necessary security measures. At the risk of sounding sanctimonious, take the time to personally thank your employees for doing so.
Once you’ve created buy-in, you can begin systematically securing your data. This starts by creating data systems and workflows that make those insecure workarounds unnecessary. It includes security measures that safeguard your teams’ valuable work without making it more difficult to produce that work.
With going on 20 years-experience – and more than a few gray hairs – mac-tech offers the full suite of programmatic security measures that you also need to run your business in 2021. We just think these gray hairs have earned us the platform to share what we’ve learned about people along the way.
All Data is Critical Data
Common wisdom suggests that businesses can categorize their data as “critical” and “not-critical,” then build their security infrastructure accordingly. Critical data, such as customer information, must be prioritized, while other types of data are less valuable to the business, and thus less attractive to hackers. Unfortunately, this isn’t true. It may never have been true.
Hacking isn’t just about stealing what you consider most important to your business. A cyber criminal’s motives may range from merely doing damage, any damage, to espionage, to something as counterintuitive as proof-of-concept. (Yes, hackers have clients too, and they want to know what they’re getting.) And of course, there’s data mining, but it should probably be redubbed “data sorting”. Today’s technology makes it possible to gather vast amounts of disparate information and use it to make more intelligent guesses about, say, passwords.
The point is that all your data is critical – if not to you, then to someone else.
If We Haven’t Already Sold You…
While we take our work very seriously, we try not take ourselves too seriously, and we know you have many options when it comes to IT partners. So, while we’re (secretly) hoping that you’ll come talk to us, we mean it when we say, find a technology partner who can work with you to assess your current infrastructure, identify inefficiencies, then create and implement 21st century action plans, mobile management procedures, and more – helping you streamline your operations, while expanding your capabilities.
“Hacking isn’t just about stealing what you consider most important to your business. A cyber criminal’s motives may range from merely doing damage, any damage, to espionage, to something as counterintuitive as proof-of-concept.”