I’m sure you noticed this, but there were a lot of security breaches in 2014. You can read a list of the worst breaches here, but I’m sure you know of at least a few just from general media. Your online security goals need to be stepped up if you hope to protect your business. If you weren’t hacked and don’t have these plans in place, the odds are good that cyber criminals just haven’t bothered targeting you!
The amount of data up for grabs in businesses with poor online security goals is vast. Protecting it is what your customers are counting on!
5 online security goals for your business
1. Appoint a single, knowledgeable, senior member of staff to oversee everything
You may have already done this, but you may not have done it well enough. You likely have someone who heads the online security/IT department. Does that person have sufficient authority to make changes in other departments?
Online security goals aren’t met entirely by your IT team. They are goals which must be undertaken by everyone in your organization. Make sure that the person in charge of your online security goals is:
- High ranking enough to give direction to other departments
- Getting attention and support from senior management and owners
- Actually being listened to when recommendations are made; if not, higher-ups may need to step in and reinforce direction
- Supported by an owner who actually cares about your online security goals
If you came up with ‘nos’ on any of these points, they have to be looked at first. You can’t get change in a modern organization from the bottom. Your online security goals must be supported by management, ownership, and those giving direction to all below them.
2. Give senior members of staff the knowledge they need
It’s great to have senior staff that can answer ‘yes’ to all of the above points. But having all of your senior staff members engaged and knowledgeable leads to even better results.
They don’t need to know every aspect of your online security goals and their implementation. But understanding basic tools that are being used, like encryption, VPNs for communication, and hardware being implemented, makes for better environments. Once they understand how online security measures are taken, they’ll be more open to spending and continually implementing.
Besides, who amongst the senior leadership of a company wants to be blind to an important aspect of their customers’ experience? No one, in a responsible business. Ignorance can soon lead to frustration, and that can lead to programs being cut and online security goals not being met.
3. Hire an independent firm to do an online security assessment
You’ll never know how well your online security goals are performing until they are tested. I’m going to assume that you’ll want to be tested by someone who isn’t looking to steal your data! There are many security firms out there who can do an assessment via penetration testing. They can also look over all of your plans and offer advice on where you can improve.
Again, this is not a meeting for the IT department to have separate from the rest of the organization. Make sure that senior members are involved in meetings, and relay findings that are relevant to other departments.
If you don’t know where to start with this, read this thorough article on the subject to learn what you need before you even start looking for a firm to hire.
4. Create an online security team across your organization
When I was younger I was still interested in protecting people. At the time, I wasn’t involved in online security goals at all. I did what I could and joined the Health and Safety team, later leading the team. It was made up of people from many different departments in our warehouse, and brought up many good points about concerns people had.
This same sort of team building will help your IT team build a complete plan. Think of them as your Online Security team. Have them meet regularly (once a month should suffice) and allow for the free-flowing exchange of ideas. You never know where someone might spot a weak link in the implementation of your online security goals, and digital security in general. Your goals should include plans for your POS terminals just as readily as a complex firewall.
5. Reach out to others in the online security industry
Staying up to date with the online security industry is the only way to make sure that your online security goals are up to date. Can you imagine if you hadn’t found out about the Heartbleed bug right when it happened? Maybe you didn’t….
You can do this the easy way by following important security professionals on Twitter. There are also more involved ways for members of your staff. The person from point one, who you have appointed as the lead for your online security goals, should look into joining a group like the International Association of Privacy Professionals, or ISSA.
Joining these international groups of security professionals keeps your team apprised of issues directly, rather than waiting for things to happen on Twitter. Not only this, but there will be networking opportunities opened up via events and meetings. No online security team should work in a bubble; this is a way for yours to break out for the benefit of your whole organization.