Navigant's Cyber Risk and Information Security PracticeLearn More


Cyber Security on a Budget21 October 2014

Risk Management

In today’s hyper-connected world, organizations of all sizes and in all industries are right to be concerned about cyber security and potential data breaches. While large organizations generally have at least some reasonable security measures in place, small- and medium-sized organizations often do not. One of the main reasons is the incorrect perception that properly safeguarding data is expensive and time consuming.

Just as it is difficult for organizations to quantify the potential impact that a data breach would have on them, it is equally difficult to quantify the return on investment for cyber-security measures. This is exacerbated by the fact that a lot of cyber-security consulting firms are taking advantage of the current business environment to charge exorbitant fees for their “rare and specialized” expertise. The sticker shock can cause organizations to simply not take any action at all.

What organizations may not realize is that there are several affordable actions that can reduce exposure to risk. Focus on these fundamental areas for a positive effect on your data-breach prevention efforts:

  • Independent and objective assessment (technical and non-technical)
  • Policies and procedures
  • Employee training
  • Critical systems monitoring

Each of these factors plays a significant role in creating defense in-depth and strengthening your organization’s infrastructure. To get the biggest bang for your buck, your organization should have an independent assessment performed. This is relatively inexpensive and will provide great insight into the highest priority weaknesses and vulnerabilities. Essentially, the assessment will pay for itself by uncovering high-ROI priorities for your organization to address.

Improving policies and procedures is also an inexpensive way to positively impact data security. For example, documenting and training employees on a password-management policy can have an immediate, meaningful impact on something that affects everyone. Investing some internal resource time to develop these policies and procedures is a cost-effective way to improve their effectiveness. Organizations that don’t have the time or internal knowledge can purchase best-practice policy templates for a minimal cost that can be customized to the requirements of your organization.

Critical systems monitoring is another service that many smaller organizations assume to be cost-prohibitive and only for large businesses. Even if organizations have the capital to purchase their own internal monitoring systems, they often lack the trained security staff needed to use the tools. Outsourced critical systems monitoring solutions are a cost-effective option that enable smaller organizations to realize the benefits of critical systems monitoring monitoring at a fraction of the cost. Today’s hackers are constantly evolving their techniques, and your organization must monitor its networks constantly to prevent and/or minimize the impact of a data breach.

COMPASS has developed a methodology that combines the discipline of project management with the latest cyber-security technology and data-protection best practices. This methodology enables our clients to cost effectively address their cyber-security needs. In today’s hyper-connected world, every organization is just one data breach away from being a leading story on the news and social media, which can severely damage its reputation and brand. Find out how to protect your institution. Contact COMPASS to learn more about our methodology and service offerings and how they can help your organization develop a robust cyber-security ecosystem.

Work With Us Learn How