Seven ways to tighten cyber security

Another year is drawing to a close, and with it come the usual look-back stories at what happened. Once again it wasn’t pretty. The question is, what’s a CISO to do about it?

The answer is, cover all the bases while facing the demands of other parts of the organization for business agility. A big job? Well, security and agility aren’t incompatible, but like everything else in an enterprise they have to be reasonably measured with risk.

That brings me to an article I saw this week that outlines seven steps CISOs should be taking to make their organizations more secure:

–Understand information assets. I’d make it clearer than that — understand that in addition to product design and intellectual property, all personal information held by the organization is also a target and has to be protected;

–Encrypt all data. Here’s where business units may object, fearing encryption of data at rest as well as in transit may slow down business processes. And small businesses may say it’s impractical. But the risk is too great to do otherwise.

Remember, no company is too small to be attacked: Last week CBC reported that a Calgary wine store had to pay a ransom to get its data back after an attacker infected its database. If you don’t want to or can’t encrypt data, at least have solid backup and recovery processes so blackmailers can be ignored.

–Automate security processes where feasible;

–Keep patches up to date. That doesn’t mean everything has to be patched immediately. As an expert I interviewed earlier this year pointed out, patches have to be prioritized.

–Demand top security from third parties the organization does business with. You haven’t forgotten how hackers got into Target, have you?

–Build security into the organization’s risk model;

–Actions speak louder than perimeter alarms. That means you’ve got to have user behaviour detection software as part of the security toolset.

Do these sound like Security 101? A lot of security pros I spoke to this year said the basics are still not completely carried out by a lot of organizations. That makes them more likely to be breached than others. Layer a regular awareness program, strict password policy and penetration testing on top of this and your organization will better face cyber challenges.

Read the full article here.


Howard Solomon
Currently a freelance writer, I'm the former editor of ITWorldCanada.com and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including ITBusiness.ca and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times. I can be reached at hsolomon [@] soloreporter.com
