Improving Operations Agility - A Silver Lining From 2020
Just like everyone else, DataSure24 is pleased to be saying good riddance to 2020. But in a resolution-ary January, is there any room for optimism? We are adaptable beings no doubt, but this year may have been one of the most challenging in our lifetimes. Our staff is fortunate to have an I.T. background in our Security Operations Center, which certainly gives us an advantage over most businesses in Western New York. DataSure24's Security Operations Center continues to meet weekly to discuss current security news, new threats, and significant security events from the previous seven days. Without realizing it, we have gone from about 75% onsite attendance to completely remote Microsoft Teams based conference calls; but we too had to adjust on the fly.
Since March, there has been plenty of practice for everyone being compliant with policies set that are subject to change and sometimes open to interpretation. It has not been easy, but it has sharpened our senses in our ability to be flexible with little notice. Most, if not all companies, have had to adjust their processes and procedures in response to the challenges presented this past year. When it comes to data security, is there an easy place to start?
Here are just five places you can start:
1. A work from home security policy, or set of instructions, rules, and overall procedures.
2. Security Officer – a designated person that can oversee, perform reviews, and offer solutions.
a.) should be independent of your IT department.
3. A listing of acceptable devices, reviewed by a senior security officer
4. Are the approved devices running an accepted operating system and version, are the systems updated/patched?
5. Are the devices password protected – phones, laptops, tablets.
6. Dual-Factor Authentication – most people do this for some other service, making it simpler to institute as policy.
7. Password Manager – there are free options such as Dashlane, Roboform, Lastpass, and more.
It surely helps to have outstanding personnel during a pandemic as far as trust in task completion and efficiency, not to mention common sense when it comes to data security. The truth of it is, even IT and security companies can experience their own demise if they do not maintain alertness and readiness to a constantly evolving threat contingent. Most compromises happen because of a human and most are not intentional. The best you can do is tighten the locks on every door and window possible.
That is what the list provided will do. Though it is important to keep in mind that it is impossible to be 100% secure as no entity is completely invulnerable to being attacked successfully. There is always more that can be done to lower the odds of having a (data) security event. What we have seen in our interactions & consultations, albeit remotely, is an overall improved awareness and respect for such an event and the consequences.
This shakeup in routine has revived a sense of urgency in other areas outside of public health (with data security health), and that is one piece of good news that we will gladly take away from 2020.
Start somewhere, review and revise your plan as much as possible and stay vigilant. The best way to handle a security incident is to be proactive with your data protection measures so that it doesn’t happen in the first place. As our team continues to adapt to these changing times, our 24-hour staff is working to stay one step ahead of the curve so that our clients know how to stay protected and exactly what to expect during these unexpected times.