Ease the pressure on IT security staff

Information technology is an ever-changing field,  and arguably IT security staff are the most under the gun in data centres as new threats emerge weekly. So it’s no surprise a recent survey by Trustwave found them feeling a lot of pressure.  Here’s seven of the ways it says staff can deal with it. Images from Shuttstock.com

Let the brass know

Rather than run information security programs tactically, IT pros should run them as a strategic business initiative. Make sure execs know what they’re doing to protect customer data, intellectual property and the brand as a whole

INSIDE Shout SHUTTERSTOCK

Test your security

With 4 out of 5 IT pros pressured to roll out IT projects despite concerns they weren’t “security-ready,” regular security risk assessments and penetration testing are critical. Risk assessments can help businesses identify if that data is vulnerable to an attack. Frequent penetration testing, can help businesses identify and eliminate vulnerabilities

INSIDE keyboard SHUTTERSTOCK

Educate staff

Businesses should regularly provide security awareness training to all employees, including contractors and temporary workers. Executives and business leaders are also prime targets, so training should be required for anyone who has access to private information. End-users often are considered the weakest link when it comes to security.

INSIDE teach, learn

Protect Web apps

Web applications are a high-value target for attackers, with e-commerce sites being the most targeted asset. Web applications often act as a business’s digital “front door” and are often connected to systems that contain sensitive data. Organizations need to adopt automated protection that includes the ability to detect application vulnerabilities and prevent web application threats.

INSIDE cloud security SHUTTERSTOCK

Watch your partners

Third-party IT providers (or any vendors that have access to IT systems), should be required to have detailed and locked-down security policies, perform ongoing and regular penetration testing, demonstrate appropriate remote access controls, ensure software and hardware is consistently patched and isolate data from other customers.

INSIDE suspicious SHUTTERSTCOK

Buy smarter

65 per cent of IT pros surveyed feel are pressured to use security products with lots of features, but a third feel they don’t  have the resources to use them effectively. If IT pros don’t have the expertise or staff to perform policy adjustments, fine-tuning and device management, they might be throwing away their money and contributing to a false sense of security.

INSIDE calculator SHUTTERSTOCK

Hope for the best, prepare for the worst

Adequate preparation can help ease pressures of possible data breaches. Have an incident readiness and response plan that includes detection and containment strategies as well as response scenarios. These elements will help IT staff see, stop and respond to an attack.

INSIDE plan, prepare, perform


Would you recommend this article?

Share

Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.


Jim Love, Chief Content Officer, IT World Canada
Howard Solomon
Howard Solomon
Currently a freelance writer, I'm the former editor of ITWorldCanada.com and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including ITBusiness.ca and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times. I can be reached at hsolomon [@] soloreporter.com

Featured Download

ITW in your inbox

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

More Slideshows

Top Tech News