Three guidelines for reducing cyber-security risk
- November 20, 2018
My former boss had a saying he found amusing. When he didn’t get what he wanted out of a meeting, he’d look across the table and say to whoever confounded him, “Well, I’m glad they promoted you to director of business prevention.”
That idea of “business prevention” is a useful concept, and it comes to mind when I think of cyber-security.
Since technology connects us so deeply these days, effective cyber-security programs are imperative. Companies that handle sensitive customer information, like credit card numbers, Social Security numbers, addresses, etc., have an obligation to secure it tightly. For good reason, customers will be very reluctant to do business if they believe their information will end up in the wrong hands.
Cyber-security is applied internally as well as externally. Many businesses use products from tech firms like Cisco, CrowdStrike, Forcepoint or Symantec to keep bandwidth open for productive traffic by restricting full access to the web. This also prevents malicious software from finding a way into sensitive systems.
But you can certainly have too much of a good thing, and having too many security measures in place can bog down a company’s ability to do business. It’s like installing too much security in your home: at a certain point, it makes normal activity unreasonably difficult.
That said, there’s no rule about how much security is too much. Every business has different needs and what is necessary for some will be superfluous for others. I can think of a few guidelines, however, that business leaders can use to reduce cyber-security risks.
- First, limit access to information. The most sensitive data should be in as few hands as possible.
- Second, if someone does gain access, don’t have anything for them to find. While that’s certainly not always possible, the more data a business retains, the higher the risk of a breach.
- When those measures aren’t enough, my third guideline is to encrypt what data you must retain. Data that cannot be processed is of no use to anyone.
With these things in mind, you can work to ensure cyber-security isn’t the leading cause of business prevention in your workplace.