Do you actually think your data is secure?

Have you asked yourself “is our data really secure?” Do you really believe you can’t be hacked? Do you trust your information is safe from others? 

If you think you are safe, I’m here to tell you, you are wrong! We all spend a lot of time and money on our data security and the products protecting us, but the real truth is, there is always someone smarter and more cunning that can break through whatever defense you may have commissioned. Some of the best and most secure environments have been breached and many just recently. 

Understand, I am not preaching or trying to panic the masses or that data security is a waste of resources, but writing this as a conscientious reminder of how critical it is to always keep security at the forefront of your mind even if you are not a data security professional. These days’ security breaches, data loss and proprietary information leaked. Data security should be a Number One priority on every C-levels agenda and should be considered for every project regarding information or corporate endeavor. 

How ironic it is that you can spend capital funds on Firewalls, IDS, endpoint protection, SIEM, etc and do all the right things to protect your environment only to find out that someone accidently clicked on an email that they shouldn’t or an administrator made a mistake with a rule set and disaster strikes quickly thereafter. So, as an executive you can’t lose sleep over this and you certainly can’t sit back and wait for it to happen. So what then?   Your job depends on protecting the company’s assets, what and how to do this is an ongoing saga and I am going to address that.

Obviously learning from others’ mistakes and avoiding duplicating them is first advised. As we see these security breaches happening around us and making the news we should digest this data and use it to our advantage. Just recently a company hit the news about a network misconfiguration that left all their customer data open to the general public. Most certainly, there are generally accepted principals about change control that could have avoided this, but the fact is, these principles were not adhered to and that alone should make other companies that are concerned about security either look at modifying their change control or adopting one. If you are at all unsure of how to do this they can look at some of the ITIL standards around change control, or hire a professional. This should have been a very obvious lesson to everyone that read about it, this has happened before and a repeat should be a reminder to revisit your company’s controls on a regular basis. 

Another such recent example was with an end users clicking on emails that lead to the ransomware virus, this has been a very long standing issue and any security professional should have already addressed this BUT if you haven’t then let the current companies hitting the news be a lesson to you. As you see the corporate pain and obvious cost associated with this attack, not to mention the company’s reputations and name being tainted, you should take a moment and think “I never want to go through this!”

Obviously everyone has their own difficulties with getting good security solutions in place and sometimes getting the funds approved for it but as companies hit the news it should get easier for smarter executives to justify the need.   

With all that, we as executives can never let ourselves get too comfortable. With all the process, procedure and controls in place, it could still happen to you, you should never let yourself get too comfortable. You don’t have to be a security professional to keep your eye on what is going on in the world. The hackers are always getting better, faster, smarter, and you need to keep up with them. It may be as simple as subscribing to a few blogs or websites to just get some headlines about what is new in the world of data security. Corporations often time have a false belief that they have done enough, they are protected from a breach, when in fact they have allowed themselves to fall behind and not keep up with the new hacks that are coming around. 

The last advice I have is to always seek help and expertise. One single employee can never know everything and if a person thinks they know it all, they are so wrong. You may want to consider engaging a security firm, a consultant, or business associates that are current in the security space. I personally have spent a significant amount of my time talking to other technology professionals in an exchange of ideas and learn what I can about the newest security practices.     A most valuable aspect of life is there are always lessons to be learned from others, you need to know what experiences they have encountered and how they handled them.  What decisions were made and what was the outcome? What was learned from the experience? Sometimes learning how others failed is the best lesson learned. 

Remember, you are never completely safe from being hacked, but you can be sufficiently safer than most if you do the right things. Security is more important than it ever has been and more people are learning how to profit off of other’s fears in the market. I urge everyone that reads this to put security up front and never stop thinking about improving upon it.