Why a little knowledge is anything but dangerous when it comes to digital security
Having skilled, knowledgeable, well-trained digital security experts – and individuals who can act as ‘cybersecurity champions’ around the organisation – is essential if you want to make sure that your protection and policies keep you safe.

To ensure your systems and data stay well protected, you need to have good cybersecurity solutions in place, and you need to make sure they are up to date. You also need to make sure that you have a robust security policy and that staff are aware of the importance of enforcing it. But it is also essential to have the right people, with the right level of expertise, in the right places.

This might sound obvious, but it is all too easy to overlook the need to have not only individuals within the IT team who are really switched-on when it comes to digital security, but also people right across the organisation, in different departments and locations, who have a good level of knowledge and can act as your ‘cybersecurity champions’.

Having smart people makes a difference in two important respects. First, security systems need to be properly and professionally implemented; second, they need to be watched over by people who have some idea of how to spot and react to suspect activity.

Lack of awareness

Being able to set up security systems and services properly is vital of course, but it can’t be taken for granted. With many organisations now adopting a hybrid approach to IT, making sure all potential vulnerabilities are addressed is more challenging. Research conducted for McAfee’s Cloud Adoption and Risk Report 2019 found that, on average, enterprises using IaaS/PaaS have 14 misconfigured services running at any given time.

With respect to monitoring for potential breaches or weaknesses, the IT team will always be on the look-out, but they have to watch the entire network. This is why it’s also important to have staff around the organisation who have some knowledge of how to pick up on potential issues.
These individuals should have a good understanding of security strategy and policy. This will allow them to act as ‘cybersecurity champions’ for their area and ensure that everyone in their department or location is aware of and alert to the dangers. They should also know how to respond when a cyberattack or a breach is suspected or detected, without causing major concern or disruption.

Regular updates

For both the IT team and the cybersecurity champions, training and regular updates are essential. The threats and the methods used to infiltrate systems are always changing, so their knowledge needs to be updated from time to time.

From a wider perspective, it is also important to ensure that all staff understand and buy into the security policy. They need to know that by doing simple things properly, such as following the rules for setting passwords and dealing with unsolicited and suspect emails, they are contributing significantly to managing risk.

It’s a good idea to make the communication of security essentials as pragmatic as possible, so staff understand the real-world importance of what they are doing. Most people just want to get on with their work and would prefer it if someone else took responsibility for digital security. But this is one area of IT in which ignorance is anything but bliss – in fact, it’s very dangerous. When it comes to cybersecurity, a little knowledge is most definitely a very good thing indeed.