COMPASS co-hosted a cyber security webinar for the National Business Officer Association recently where we discussed actions that academic organizations can take to protect their data. These lessons really apply to all organizations, regardless of industry, because any organization that possesses data must take steps to proactively protect their assets. One of the main takeaways from the webinar was the concept that there are three pillars to data protection – people, policies and technology (PPT). Here is a bit about each and its significance in protecting an organization’s data.
People are the biggest weakness in an organization when it comes to protecting data. All it takes is a single compromised user account to allow a bad actor to violate an organization. Employees must clearly understand their organization’s policies and procedures on topics ranging from password management to acceptable use. In addition to all employees playing a critical role in an organization’s protection, it is equally important that each functional area within an organization play a significant role. This means the human resources, finance, facilities and other “non-technical” departments should be included when developing the organization’s cyber security roadmap.
Policies are the rules and guidelines that govern how an organization operates. Organizations that lack comprehensive and well-thought-out policies are opening themselves up to the possibility that their employees will make a decision that is in conflict with the organization’s wishes. Human nature means employees often pick the path of least resistance, so if they are allowed to make a decision (without a documented policy) they will likely choose the least optimal path from a security perspective. Policies must be well documented and every employee should be regularly trained and tested on them. Policies are also an important input into defining the requirements for the appropriate technology for an organization. Organizations can spend a lot of money on hardware and software that don’t support their internal policies and procedures.
Technology is an important component of an organization’s cyber security approach, and it should complement the people and policy aspects. Technology should be an enabler and a protector of assets. There must be a balance between protecting the organization and not inhibiting the daily work functions of the employees. Organizations should analyze their current infrastructure capabilities before procuring additional hardware or software. Most organizations are not fully utilizing their current infrastructure, so buying additional assets can be a waste of money.
These three pillars of cyber security are critical components of creating a robust cyber security defense that is efficient, comprehensive, and cost effective. Organizations should perform an initial security assessment to determine where they stand across these three areas.
COMPASS has developed a methodology to assist institutions with developing a customized, cost-effective, and practical approach to cyber security. This approach combines the discipline of project management with the latest cyber-security technology and data-protection best practices. In today’s hyper-connected world, every school is just one data breach away from being a leading story on the news and social media, which can severely damage its reputation and brand. Find out how to protect your institution. Contact COMPASS for your initial IT network security health assessment.