Brian Jackson is a renowned cybersecurity expert and the co-founder and COO of BurstIQ, a Denver-based tech company whose blockchain platform is enabling health data to be connected on a global scale.
Throughout his career, Brian has directed and managed network security engagements for organizations ranging from Fortune 500 companies and the Department of Defense down to smaller startups. He understands that the stark reality of running a business with a visible online presence is that you are always on the radar of hostile actors. They are ready to take advantage of vulnerabilities to breach your sensitive data. The good news is that every security flaw has a solution. And by avoiding mistakes, companies can minimize the losses resulting from security breaches.
We asked Brian to share his insights on the biggest mistakes that companies make in security. He provided six glaring problems he sees companies making with their security protocols and what to do instead.
Failure to Design or Plan for Cybersecurity
Companies that have security issues tend to fall into one of two categories. The first is those that did not design, implement, or plan for enterprise growth with security in mind. This first group eventually grows to a point where change is too big a task, so they try just plugging the known leaks, which only accounts for a small percentage of issues. The second category includes firms that have over-complicated their security without putting themselves in the user’s seat, which prevents users from being productive. People are smart and resourceful and will find ways to streamline their jobs by bypassing security policies or systems, which generally creates much larger security holes than the ones the strategy or system was put in place to prevent. Security does not have to be hard if designed and implemented correctly.
Making Assumptions That Your Company is Not A Target
As explained earlier, all companies, whether big or small, are targets for cyber-criminals. And if you make the mistake of thinking that you are not a target, your complacency will invite a host of attacks. Because security breaches that make the headlines are usually related to credit card theft or the breach of personal information, companies that do not deal with such data tend to believe that they are out of the coverage area for cyber threats. Unfortunately, this can turn out to be a dangerous mistake and perhaps a costly one.
Not Investing in Security Systems
In the corporate world, the number of adversaries who are on the lookout for vulnerabilities in your company is more than you can imagine. Bad guys are out to get companies that overlook the state of their security barriers. If your organization hasn’t invested wisely in security solutions, you have a reason to worry that you’re a possible target. The first giant leap towards security is acknowledging that you’re a victim even before you suffer the attack. Understand that your company’s data is valuable, and the idea of investing in protecting that data will come naturally to you as a manager.
Overlooking Security Training
Security awareness training has to be an ongoing task. You cannot just train your employees with the same basic training materials when newly hired and expect everything to be okay. Engage with your employees regularly and keep them up-to-date with the current security protocols. A lot of the training materials I see look like they were written in the early 2000s. Technology has changed since then, and so should the training material.
Listen and Work With Your Employees
Have the security team work with the users and understand what their day-to-day activities are like. The typical ‘my way or the highway’ security implementation is precisely why there are so many internal security threats or issues. The user will find a way to circumvent security policies or systems to get their jobs done. Also, unscrupulous employees can operate under the cover of darkness to create loopholes for their accomplices to visit harm on your company.
Believing That You Are 100% Secure
Believing you know everything that is going on, thinking your employees aren’t using shadow IT and aren’t circumventing systems and controls, or thinking that if you are secure today you are secure tomorrow: these are all common mistakes that companies often live to regret. More often than not, the enemy you are fighting could come from within. Insider attacks can be catastrophic since they take time to detect.
Cybersecurity solutions evolve with time; your company needs to keep abreast of the changing trends in cybersecurity. The security systems that worked well for you yesterday may be inadequate today. So, don’t trust your systems 100%; hackers keep learning how to outsmart their targets.