Know thy enemy: How IT protects your business from undesirables

[Audrey McNeil <audrey () riskbasedsecurity com>]

http://mediaroom.marlinfinance.com/information-technology-equipment/know-thy-enemy-how-it-protects-your-business-from-undesirables/

When done right, any information technology job is a relentless one,
especially in this day and age. With more companies than ever integrating
extensive tech-driven initiatives into their business models, there is much
for the IT professional to do. And as more business is conducted through
these channels, the greater the reliance an organization has on the
knowledge of its IT. Greater still are the demands.

Executives with little to no IT experience might not know what their
companies are up against when it comes to managing various networks within
an office setting or troubleshooting issues as they arise. Think of robust
investment in IT as fortifying a castle. Proper maintenance and threat
assessment can keep your kingdom not just standing, but thriving. But in
order to keep your Camelot from crumbling down to the ground, your IT
department needs to remain vigilant. Every executive should know what's on
IT's most wanted list.

Mismanagement

Depending on the business model, an IT department might get its marching
orders passed down from on high. Most likely these tech-savvy employees
will have advice as to how your company should organize its networks and
store its data. Listen to them. As Inside Counsel warns, failure to adhere
to certain regulations can put your organization at risk of data breach,
fines or loss of pertinent information necessary to its daily function.

A writer writes and a builder builds. Inherent in both of those positions,
as with IT, is the need to scrutinize the work output. If a writer sent her
editor an article riddled with spelling errors and misplaced commas, she
might lose her job. If a construction worker doesn't align his blueprints
with local ordinances, the buildings he makes will be deemed unsafe. IT
professionals know how to hunt down the little inconsistencies that keep a
modern business moving, but they also understand the varying levels of
security architecture and upkeep required to maintain continuity. Trust
them.

Technology trends
The Internet of Things and Bring-Your-Own-Device programs spice up the
office while encouraging productivity and innovation. They both also create
a heavier workload for your IT department upon integration.

To help ease the transition, Forbes contributor Joseph Steinberg suggests
treating all these new devices as serious computers and as such, serious
portals through which cyberattacks can occur. According to Steinberg, any
device connecting to your company's network not only needs protection
against threats from the Internet and encryption support, but also
remote-operated data wipe capabilities. After all, merging a personal
smartphone with a work phone means splitting responsibilities with your
employer. In exchange for the freedom to allow employees access to
important data caches from the palm of their hand, IT departments need the
ability to protect that device as it would any other tech under its purview.

Human error
IBM's 2014 Cyber Security Intelligence Index found that 95 percent of all
workplace security issues involve a human touch. Though the report included
things like clicking on malicious email attachments and ridiculously easy
passwords (come on, folks), problems also included configuration problems
only the IT department would have access to. So, how can you trust IT when
they could be their own worst enemies? By working alongside the team to
develop a system of checks and balances outlining every possible incident
and a list of solutions for each one.

_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss
For inquiries regarding use or licensing of data, e-mail
        sales () riskbasedsecurity com 

Supporters:

Risk Based Security (http://www.riskbasedsecurity.com/)
YourCISO is an affordable SaaS solution that provides a comprehensive information security program that ensures focus 
on the right security.  If you need security help or want to provide real risk reduction for your clients contact us!