V&C Solutions

V&C Blog

April 10, 2015

Devising An IT Security Strategy



The stakes are high for any company that houses sensitive information on its IT infrastructure. And these days that means most businesses.

Targeted attacks are on the rise, and, after what happened last year with the likes of JPMorgan Chase and Sony Pictures, there seems to be no limit to the size and scale of the companies that are potential targets.

For SMEs, IT security is a must. Whilst a company as massive as Sony can no doubt afford to weather the storm, if a smaller business gets hacked, then oftentimes there is no way back.

So, what to do?

Is Total Security Ever Possible?

The short answer, unfortunately, is no. Just as in the physical world there is no wall so high that it can’t be climbed and no lock so strong that it can’t be broken, so it is in the digital world.

But just because you can never create an absolutely impenetrable IT security system for your network, that’s not to say that an effective risk-based security strategy won’t serve your needs and keep you protected against attacks indefinitely. The trick is in trying to stay ahead of the game.

Risk-based Security

To do so you need to identify, evaluate and prioritize all of the potential risks to your system based on the level of sensitivity of your data. Generally speaking, the more sensitive your data, the more valuable a target it is.

Other factors to monitor are the vulnerabilities that may reside throughout your system. Again, these will prove to be the most likely points at which hackers and cyber criminals will attack.

In order to come up with an adequate security strategy, you will need to make risk-based decisions and develop realistic security goals in accordance with the identified risks.

One of the key measurable benefits of risk-based security is found in budgeting. If you can identify which of your assets matter the most to your business, then you can allocate appropriate funds into protecting them, rather than wasting money trying to secure less sensitive material.

Devising An IT Security Strategy

The protection of all of your assets – which include your reputation, your staff, your customers, as well as the actual data itself – is an absolute must for all companies. Therefore devising an effective IT security strategy is imperative to the integrity and future of your business.

Cyber threats are evolving all the time, and in order to protect yourself against them, you need to evolve as well.

We recommend taking the following steps to devise a security strategy that will keep you ahead of the game and protect your business.

1. Identify Your Most Valuable Assets

This is the first stage. You may find it quite hard to quantify the monetary value of each of your individual assets. But you don’t need to do so to determine which sets of data are most valuable to your business.

For instance, the files in which you store your customers’ credit card information are obviously more important than the ones where you keep a list of company employees. Although of course you’d rather that neither became compromised, the priority in this situation rests with the former.

2. Analyze Risks

Security risks can encompass anything from network vulnerabilities to members of staff who are untrained and end up opening compromised emails and downloading apps that are infected with malware. Work out exactly what all of the potential IT security risks are, and list them in order of sensitivity.

3. Make A Plan

Once you have identified your most valuable assets and have analyzed all potential risks, it’s time to start making a prioritized plan that you will follow.

This security plan will be an extremely important document to your business. In it will be the proposals for what your organization is planning to do in order to meet security requirements. You will be listing all of the people involved, the resources that you will utilize, and the network services that require protection (intranet, web, emails etc.).

4. Enforce A Security Policy

Once your security plan has been actualized and deployed, you should then draw up a security policy that all staff and managers who have access to the system must abide by. The IT security of a company is the obligation of everyone.

The key points of your IT security policy should include:

· Access
· User Authentication
· Accountability
· Privacy

5. Maintenance

Audits must be regularly scheduled so that security is constantly maintained. Regular testing, training and updating of the security plan and policy are an absolute must to ensure that your security efforts will stand the test of time.

What is known as the “security wheel” is in fact a never-ending process. Monitor, test, improve, monitor, test, improve, monitor, test, improve, monitor… and on it goes.

Does your business have an IT security strategy in place? Contact us here at V&C Solutions to find out how we can help you get yours up to scratch.