This is Part Three of a three-part blog series on virtual security.
We don’t mean to alarm you. But there’s a very good reason the cybersecurity industry is projected to grow 60% by 2020.
The following security mistakes are frighteningly common – and could cost you dearly.
Read on to find out what they are and what you can do next. Before it’s too late.
See Part One for security mistakes #1-3 and Part Two for security mistakes #4-6.
Security Mistake #7: You don’t have a breach-response plan.
Quick reminder: In the Target Corporation breach alone, 40 million credit cards were stolen, with upwards of 4.8 million of those cards used fraudulently at an estimated cost of $1.4-2.2 billion in actual losses.
Target Corporation was in a position to respond quickly to the breach, but they didn’t.
By some reports, their internal IT security team ignored warnings, likely due to a “cry wolf” situation with their monitoring tools and partner. Then, when the breach was finally revealed, the company didn’t have a cohesive response strategy. The company obfuscated, and didn’t get information quickly enough into the hands of the people who had been compromised.
You need to have a breach response plan. You have to know that a reputation-impacting breach could happen to your company and have a plan for what you’ll do if it does. How will you alert your customers? What media outlets will you contact? What law enforcement agencies?
Security Mistake #8: Assuming that a “security” firm knows what they’re doing.
Anyone can call themselves a security firm. But it’s one thing to brand yourself as experts in an area; it’s another thing entirely to be able to execute.
If you have a low level of IT security knowledge and you’re looking for a security partner, talk to references. Do your homework. In particular, ask about third-party audits. For example, every year, Involta gets audited by a third party for our managed services, finances and data center operations so our customers can be confident we meet the same requirements we preach.
We’ve gone through, and helped customers pass, compliance audits related to numerous standards, including SSAE 16, HIPAA, GLBA, JSOX and SOX.
Security Mistake #9: Not understanding the true importance of security.
The biggest mistake you can make with regard to security is not taking it seriously.
Risk doesn’t feel real until you have a loss. Many organizations either haven’t suffered a loss or haven’t suffered a loss big or recent enough to make a lasting impression. As a result, their security programs are starved for people and resources. Until something forces them to act.
Conclusion
Another reason security gets overlooked, even at companies you’d think would know better? It can feel like a burden.
If you’re a technical person who rose through the ranks to management and you’re looking at NIST SP 800-53 – a security controls framework – it’s about as comprehensible as a cuneiform tablet.
Involta delivers security services and consulting to clients large and small. We can help you navigate the process of implementing a custom security program. The most important thing is to make sure you know what you want to protect and then implement controls to provide that protection.