The more they stay the same. Yes the landscape just changed. Forever. But the way we protect ourselves. Our companies. Our data. Doesn’t change. Sure there are some new threat definitions. Some new rules and filters that will be added or changed by security vendors. But so many best practices remain. You still shouldn’t be sharing C-Level password credentials. And you certainly shouldn’t emailing them around, with no encryption. Role based security is still key. And keep it to as few levels as possible. “The secret sauce”, say an unreleased movie, should be behind sharks and laser beams. The important stuff, payroll, financials, private conversations, should all be protected, audited and reviewed. And stuff that doesn’t matter. Leave it. Spend your time guarding what’s sensitive.
Who has access to your data? Would you know if they took it? Do you pay attention to your security? Spend money on it? Do you have a plan? A written plan? Does someone audit it? What would happen if you had a breach? Customer data was made public. Who would be the fall guy? Would it be the IT department? Or the department that funds or chooses not to fund the IT department’s recommendations. Being secure is expensive. Being “locked-down” secure is really expensive and time-consuming.
So why don’t we outsource it all? Put our data in the cloud. Office 365. SalesForce. Hosted medical systems / accounting / insurance. Let them handle the security. That will save you a ton of money. They have the expertise, the time, the budget. True. But I can’t help but fear they have the same challenges. Budget constraints. Lack of attention from the decision makers. And they have an issue most of us small businesses don’t. Amount of records. The size of the treasure. A small business may have 10,000 records, where a cloud provider that houses hundreds or thousands of businesses could have millions. Billions even. I don’t know if I trust that anyone can do cyber security air-tight anymore. Not unless you have a monster budget, a real commitment from the top and a talented team.
So what do I want to focus on? The secret sauce. Our employees data. Their private details. And of course, customer data. We are constantly be watching for better ways to review logs on our firewall and other valuable systems. And new methodologies, technologies. Example: I’m hoping there becomes a more efficient and economical way to monitor all file activity. Moves, copies, deletions and modifications. For the small business budget.
Most important, keep building our checklist. Our security checklist. And review it again and again.
Last year my New Years Resolution was documentation. This year. Security.
If you think it’s locked down, review it again.
Written by Bret Erickson
Passkey Computer Services
www.passkeyinc.com
Tech for Thought 