No More Secrets


An article on IT Pro Portal by Sarah Lahav, CEO of software and services company SysAid Technologies, challenges the idea that only high-security companies need to guard their secrets.

“So we’re all aware by now that big multinational organizations have to worry about IT security, but what about the rest of us with no real secrets to protect? What risks do we have to worry about?” asks Lahav. “We are all at risk of security breaches, in fact a major breach could be even more devastating for a small organization than for a large corporation. If your customers lose confidence in you, then that could put you completely out of business!”

Lahav points to common problems in cybersecurity, such as ransomware, hackers and data leaks, as well as the legal implications of these risks. The responsibility for these risks lies with the business owner, not the security team, argues Lahav. “You need to decide what you are trying to protect, what level of risk you are prepared to live with, and how the balance should be set between taking risks and going for business opportunities. If you leave all of these decisions to people whose only focus is security then they could make decisions that do your business more harm than good. Even worse they could design and implement controls that are so out of line with how you run your business that everybody ignores them — resulting in all the expense of security with none of the benefits,” she writes.

Lahav spotlights security protocols that should be implemented, such as staff education on process controls (“There’s no point in having lots of great security technology if you don’t use it properly.”), encryption for phones, tablets and the Internet of Things, and people controls. Security incident response must be planned early, says Lahav, along with documenting vulnerabilities after an incident and regularly auditing the plans.