Security is important, right? Locked doors, video cameras, passwords and wallets. All are important to secure our money, property and data. What comes first in the security-centric chain? Funding, training, knowledge and tools are critical links in the chain.
Focus
If you don’t identify where security is important, it becomes difficult to know how to apply the rest of the links. How do you start? Begin with what, where, who, why.
What?
Hardware updates. Software patches.
Where?
Physical security. Data access in cloud or remote.
Who?
End-user education. IT personnel.
Why?
Risks associated with breaches, malware, ransomware, credential theft.
Training
What people and/or groups need security training? At what level? Consider the end user, the IT tech, the network administrator, the information officer and the human resources coordinator. All of these different jobs will require varying levels of training. Some training may be more technical while others will require conditioning of security best practices and awareness. Targeted training based on roles is necessary. One size does not fit all.
Funding
Concentrate on the best use of your budget. Consider the areas that need the most protection. What would happen if you experienced a data breach? Where could you have used your funding to best protect your resources? What costs would the organization incur if security measures were not put into place?
Make a list of all the areas of vulnerability. Identify the risk to the assets and how you can reduce that risk. One approach would be to give each area scores based on importance, protection and vulnerability. This can help you focus on the assets that require more attention and funding. You can’t protect what you don’t know about. A proactive approach to security will save time, money and reputation.
Understanding the possibilities can help you prepare for the probabilities.