Business information is seemingly at a constant state of risk. Last week’s massive global cyberattack proved just how vulnerable many organizations are. And in the wake of security events, there’s no shortage of reactive measures—people scrambling to ensure they aren’t next.
However, there are plenty of security experts who safeguard their businesses effectively. They’ve developed their information security architecture into a shield that protects the organization and its employees. Part of the reason they’re able to accomplish that lofty task is that they know the answers to all of the following questions. Here are four things you should know about your information security architecture.
Are the Right People Accessing the Right Information?
Who’s accessing your information within your organization? It’s a question that far too many people don’t know the answer to. Definitely, at least.
According to a recent study conducted by Ponemon Institute and Citrix, out of over 4,000 IT security practitioners they surveyed throughout the world, over 50% said their top goal in creating a new IT framework would be to have a unified view of users across the enterprise. That’s a very appropriate goal—especially for large, multi-national corporations. However, in that same study, over ⅔ of respondents stated that some of their “organization’s existing security solutions are outdated and inadequate”.
Without adequate security solutions, it’s likely that they aren’t accomplishing their security objectives. Having an IDS or a HIDs solution in place enables you to set access controls using parameters like the user, group, role, and plenty of others. Which helps you answer the question, “Are the right people accessing the right information?”
How is Mobility Affecting Architecture?
As systems and devices evolve, so too can complexity. Complexity is often the underlying cause of an IT environment’s vulnerabilities. As the workforce becomes more reliant on mobile devices, policies are likely to reflect those demands.
But how do BYOD policies and other workforce mobility solutions play into overall architecture?
Policies are only effective if they’re enforced throughout an organization. If every employee believes that they have a part in the organization’s cybersecurity, mobility becomes less of an issue because policies are adhered to and safe practices are taking place.
Are Employees Across Business Units Educated on Cybersecurity Practices?
While it might not always seem so, cybersecurity is everyone’s responsibility. When a marketing department is planning on implementing a new CRM, there should be discussions and plans in place for storing data. HR departments have sensitive information about employees which will also require policies around who is accessing that data and who that information can be shared with.
The recent global cyberattack that caused chaos in shipping ports across the world and within a number of high-profile businesses actually infected computers of people downloading a well-known tax prep software. It’s not uncommon for employees to access information that could potentially put the enterprise at risk.
Educating your entire organization on the different forms of cyberattacks, the common human errors that leave businesses at risk, and the warning signs that something might not be right is a key step in securing your business. It is also one of the best ways to receive buy-in across the organization to include security into each business initiative they decide to take on.
How Do the Third Parties You Work With Affect Your Security?
If your internal IT architecture is highly secure, but the vendors, contractors, and other third parties you’re working with aren’t adhering to your same security standards and procedures, you’re putting the organization at risk. While it may be viewed as additional hoops to jump through, it isn’t uncommon for businesses to require their vendors to abide by strict security policies enforced by the company they’re providing services for.
This might take on a few different forms as it relates to your security architecture. It might mean that you’re providing non-employees with or confirming information before they’re able to access your assets using:
- Knowledge factors: Passwords, usernames, PINs
- Possession factors: Key fobs, ID cards
- Biometric factors: Fingerprint, voice, facial recognition
Some organizations may only require one, while others might require a full 3FA, or 3 Factor Authentication, for both their employees and the vendors/contractors they work with.
July 5, 2017