• 17/10/2020
Security is not just a logo for your website!

Security is a daunting word. However, security is of paramount importance for any business. 

Over the last 12 months, I have met with more and more companies and learnt that many are taking a look at ISO 27001 and PCI accreditations. It is great that more people are taking data security seriously. However, during discussions with business leaders about their motivations, I have been dismayed to find many just want the badge yet have little interest in improving systems. Delving a little deeper, I found they liked the idea of better security but felt it was not required for their business, perceiving the probability of a security incident to be negligible. I am glad they are going through the process. It will force them to improve. Without a solid motivation, they will not get the real benefits, momentum will be lost and ultimately they will see data security as a cost and not an essential to doing business.

What is a security risk?

It is interesting that, when asked about IT security, people talk about firewalls and penetration tests. Yes, security includes preventing unscrupulous people from hacking your network. It also includes ensuring the integrity of your data and protecting it from accidental loss or modification within your network. This means not only including firewalls and perimeter security but also looking at backup, DR, anti-virus, anti-malware, building security, working practices, documentation and, importantly, staff training.

Why is your data important?

Data security is important as most of today’s businesses are driven by their data. To put this into perspective, according to the Boston Computing Network’s Data Loss Statistics:

“60% of companies who lose their data shut down within 6 months of the disaster”.

Quite a staggering headline number. To disbelieve and ignore it presents a peril to your business. I strongly advise considering the real impact of a disaster and what it is worth before making decisions on your IT security budget and timeline.

Where do you start?

Once you accept that data security is a necessity, it is fundamental to understand deeply what is important to your business and to your customers, and why. This allows you to prioritise your response. Every business has budgetary constraints. It is likely you will be asked to justify the expense or disruption of any new security measures. Create a risk register, presenting the risks associated with each system in different real-life scenarios such as human error, software failures, fires, internet outages etc. I find the scenario-based approach to be most persuasive as it explains to non-technical board members that it is not just about “hackers”.

To summarise, I am not knocking Sarbanes-Oxley, ISO 27001 or PCI; they are great accreditations and demonstrate your commitment, but security should be taken seriously on all levels. This is very daunting when starting out. I suggest getting an external company to review your systems and processes to offer expert advice.

If you would like to speak to Fifosys about security or compliance we would love to hear from you.
