Data security is top of mind at the moment. Based on my recent client experiences, most SMEs are focused on the “security perimeter” and keeping people outside the network. But in these days of BYOD, wireless, USB memory sticks and, in some cases, open and unmanaged endpoints, the vast majority of threats are likely to emerge from inside the network.
Check out this great article about data security assessments for mid-sized firms, by Lenny Zeltser.
According to Lenny, the network perimeter is only one of 5 key areas that need to be assessed. What I know from my own work with SMEs is that data security is essentially a risk/convenience trade-off and the default typically lies with convenience. But with some experience and expertise, you can go a long way to reducing risks without significantly compromising convenience.
Whilst you can’t just look at the network perimeter, there are a couple of paths that SMEs can take to reduce data security risks:
- Develop a risk management framework that is tailored to your organisation and where you want to be on the risk/convenience curve
- Have internal conversations about acceptable tolerances and the economic impact of potential security (or operational) threats; then implement solutions that can generate a positive ROI – and are not just “security for security’s sake”
Feel free to contact me at any time if you would like some more information or to discuss how to get started with your own data security risk assessment.