A Critical Need For Strong Information Security Oversight and Controls | Network Management Solutions

A Critical Need for Strong Information Security Practices

Who is responsible for your information security practices and why?  If you are the business owner, CEO, or other key executive have you discussed with the individual or organization what your information security goals are?  I am not talking about a technical discussion but rather a discussion in business terms.  Are there defined security standards to which the organization adheres?  Is information security become part of the business culture?

Too many business leaders don’t find a discussion necessary and assume that their input is not necessary or the conversation too painful to manage.  Having spent a career dealing with information technology and security personnel I can relate.  However when your input is not part of the conversation don’t assume that anything is secure.  Don’t believe what your “expert” tells you unless its been verified.

Now perhaps you are a large organization and as the CEO you are too busy to deal with the techies.  Your CIO or CISO are boring and you believe you’d be more productive painting your dog’s nails.  Well there is a long list of CEO’s and board members that might wish they were more involved.  The latest attacks at Target Corp and Neiman Marcus are more of the same.

Hackers are sophisticated and operate in ways most organizations don’t understand.  Their probing, testing and theft happens over long periods of time.  It’s not like a theft at a storefront or bank.  Hackers rely on being stealth and their activities can last months or even years.  They are operating within your company walls from far off places on the other side of the world and your security operations staff has no idea this is occurring.

Most organizations find out about their compromise from law enforcement as they investigate criminal activity on a global scale.  However it’s still your problem. Unless your hack is a matter of national security the amount of cooperation you receive from the FBI or USSS will be negligible and may be non-existent.  Its not that they don’t want to help but these agencies are focused on national security and money supply and their resources are stretched.

So you’re a small business and you believe that you are off the grid, out of the loop.  Well that is not the case.  Depending on how events are tracked and who is reporting statics show that about one-third of all attacks involve small business

and sometimes these “attacks” come from inside the organization.  That may be shocking to a small business owner but small business is easy prey.  As a small business owner you should be asking all the right questions since your banking accounts, operation, customer information and reputation are at risk.

Often the hacker can penetrate a small organization because the architecture is flawed, devices are not properly maintained, patches are not applied, and no one is being held accountable.  As a small business owner you must be involved and must be asking the right questions.

Network Management Solutions has been helping companies address business driven technology issues since 1996.  We are currently serving a variety of customers within New Jersey, New York, and the surrounding metro areas of New York and Philadelphia.

Please contact NMS to schedule a free one-hour no obligation consultation to discuss your concerns.  We will provide expert advice in simple business terms on how to best address your issues through NMS or another provider.  NMS can be reached by phone or email at 908-232-0100 or info@nmscorp.com.  More information on Network Management Solutions can be found at www.nmscorp.com.

Comments

  1. I agree with your comments, particularly on the notion that communication, discussion, and input is not needed. It is, very much so, and it’s why breaches will continue to happen so long as companies are lax about information security, and that’s unfortunate. What’s needed for helping ensure the safety and security of one’s I.T. environment are the following three (3) mandates: (1). Well-written information security policies and procedures – those that are actually followed! (2). Annual security awareness training for employees – structured training protocol that effectively discussed leading I.T. security threats and challenges, along with best practices. (3). Proper provisioning and hardening of information systems – such as removing default accounts an insecure and unnecessary services and protocols. The very best defense any company can have for ensuring the safety and security of organizational assets are employees who actually care about the organization and are highly trained in regards to identifying threats or concerns to the company as a whole.

  2. Great points on information security. I would just add that Cyber security threats are going to continue to grow in the coming years, so it’s highly essential that companies start securing their entire digital infrastructure, which begins by putting in place information security policies and procedures, provisioning and hardening of such systems, and then undertaking comprehensive security awareness training for employees. Call it the 3-point stance for protecting your organization. The problem is that most companies have (1). Outdated policies (2). Don’t have formalized procedures and checklists for hardening their information systems, and (3) do little or nothing when it comes to security awareness training. This won’t cut it in today’s world, so it’s time to get serious about information security.

Speak Your Mind

*