Originally posted to LinkedIn on May 15, 2017
There are two schools of thought in information security.
You can take a defensive posture: firewalls, coding to standards and implementing software that you “set and forget”; in essence, checking the boxes.
Or, you can think like a hacker. After checking those boxes, you try to break into your own system. You find out how people have been hacking into similar systems and then try to exploit your own network’s vulnerabilities.
Which describes your organization? If you have no idea, you are not alone. But I assure you the latter is your aim; it is imperative to take that next step.
Here is the first in a series of tips I will offer on protecting personal information and keeping data secure for your company or your clients.
Tip #1: Knowledge is Power
Educate yourself. Below are the first few items that should be on your technology to-do list:
- Know where all your data is;
- Identify who has access to it;
- Classify your data as high risk (or not);
- Bring in an outside firm to objectively evaluate and understand your systems and processes;
- Then, create a plan and a specific scope of work so you know what technology partners you need (and don’t need).
With these small steps, you won’t be the company that stored 500,000 customer emails and passwords in plain text on its server. That’s a start. Stay tuned…