What does your company do to protect you? After all, they hold the key to your life: Social Security numbers, addresses, benefit information, bank account and routing numbers, etc.
Yet the pushback from employees against implementing simple security features, such as an automatic idle screen lock after 10 minutes, is usually strong. Understandably, it is quite frustrating to re-type that secure-special-character password more often, but it is better than someone taking a look at your saved passwords in your web browser. Who knows, you might be using the same passwords for your Amazon or online bank account. Of course, it wouldn’t even be necessary for someone to search through your computer if you leave your passwords on a sticky note.
What I am trying to say is that even simple security measures that might be a nuisance are there to protect you, the customer, and the company. That is especially true today, as cyber criminals have become more advanced. Security trends are as fast-paced as fashion trends.
Simple jobs that you have done for years are about to change. Governments, companies, and vendors are starting to recognize cyber security threats and are adapting:
- In May of 2018, the European Union’s deadline for the General Data Protection Regulation will be up. Its requirements include risk assessments and mitigation, performing due diligence, and demonstrating full data controls, as well as “the right to be forgotten” for all EU citizens and entities. This affects US companies if they offer goods and services to EU citizens. The General Data Protection Regulation follows the data and not the location.
- In March of 2017, the nation’s first state-mandated cybersecurity regulations went into effect in New York for financial services. They call for such things as encryption for all non-public information, multifactor authentication, employee security training, and appointing a CISO.
It would be an oversight to think these security trends don’t affect your company. Clients who have given you jobs (even jobs without sensitive data) might soon no longer be able to hand you the same jobs because they must start holding all their vendors to the same, or new, security standards. What’s more, reacting to security trends at that point might not be enough. You could go from spending a couple hundred dollars to losing millions overnight…
There has always been this notion of looking at IT (and IT Security) as an expense. Indications of this usually become evident when senior management focuses on costs over features, service demands increase while IT budgets are fixed, your IT lead is unable to relay information directly to top management, or your IT organization is pulled into a project at the last minute. But if managed correctly, IT and IT Security should be an investment and a sales tool. Communicate information about projects before they are financed, relay strategic goals and business objectives on a regular basis, and learn some basic IT and security concepts. In turn, educate your IT teams to think “business”. It is usually a tradeoff that needs some fine-tuning.
If this communication is not fine-tuned correctly, a company might be left with various sunk costs on all ends: redundant workflows with different software solutions, or inefficiencies across the board. Think of it this way: you wouldn’t want to spend months trying to win work from a client that has security requirements your company can’t comply with. You’d want to know better, right? Try to sell technology with your products from the start.
Lamar Schadler | MITTERA