Information technology is an ever-changing field, and arguably IT security staff are the most under the gun in data centres as new threats emerge weekly. So it’s no surprise a recent survey by Trustwave found them feeling a lot of pressure. Here are seven of the ways it says staff can deal with it. Images from Shutterstock.com

Let the brass know

Rather than run information security programs tactically, IT pros should run them as a strategic business initiative. Make sure execs know what they’re doing to protect customer data, intellectual property and the brand as a whole.


Test your security

With 4 out of 5 IT pros pressured to roll out IT projects despite concerns they weren’t “security-ready,” regular security risk assessments and penetration testing are critical. Risk assessments can help businesses identify whether their data is vulnerable to an attack. Frequent penetration testing can help businesses identify and eliminate vulnerabilities.


Educate staff

Businesses should regularly provide security awareness training to all employees, including contractors and temporary workers. Executives and business leaders are also prime targets, so training should be required for anyone who has access to private information. End-users often are considered the weakest link when it comes to security.


Protect Web apps

Web applications are a high-value target for attackers, with e-commerce sites being the most targeted asset. Web applications often act as a business’s digital “front door” and are often connected to systems that contain sensitive data. Organizations need to adopt automated protection that includes the ability to detect application vulnerabilities and prevent web application threats.


Watch your partners

Third-party IT providers (or any vendors that have access to IT systems) should be required to have detailed and locked-down security policies, perform ongoing and regular penetration testing, demonstrate appropriate remote access controls, ensure software and hardware are consistently patched and isolate data from other customers.


Buy smarter

65 per cent of IT pros surveyed feel pressured to use security products with lots of features, but a third feel they don’t have the resources to use them effectively. If IT pros don’t have the expertise or staff to perform policy adjustments, fine-tuning and device management, they might be throwing away their money and contributing to a false sense of security.


Hope for the best, prepare for the worst

Adequate preparation can help ease pressures of possible data breaches. Have an incident readiness and response plan that includes detection and containment strategies as well as response scenarios. These elements will help IT staff see, stop and respond to an attack.



Howard Solomon
Currently a freelance writer, I'm the former editor of ITWorldCanada.com and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including ITBusiness.ca and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times. I can be reached at hsolomon [@] soloreporter.com