Security isn’t simple anymore. Arguably, it was never simple to begin with, but there’s no denying that keeping your technology environment secure and your sensitive data safe is much more complex now than ever before.
If you’re trying to get your bearings with security issues, you may be overwhelmed. There are so many things to evaluate and determine if they’re right for your organization. You can’t just deal with each of the multiple aspects of security once and then never return to them, because a strong defense is a constant, ongoing undertaking.
At OXEN, we’re passionate about security awareness. In our mission to improve organizations’ security, we break it down into three key areas that make the problem more approachable. What are these three key aspects of security? People, Policy, and Perimeter.
You’re probably familiar with the Perimeter aspect because traditional security measures focus on it. Firewall, anti-virus, network monitoring, and data backups are all solutions aimed at protecting your network’s perimeter.
But what many organizations have learned is that perimeter security measures are not enough. They’re easy to poke holes in if you aren’t addressing People and Policy as well.
For example, an unsuspecting employee can let a malicious virus into your network simply by opening an email attachment or visiting an unsafe website. Firewalls and anti-spam email solutions are not 100% perfect all the time. If a single malicious email gets past your perimeter defense, only your well-trained people and your policies stand in the way.
The People aspect of security focuses on using your staff as a “human firewall”. Educate and train them to recognize threats and deal with them appropriately and promptly. This aspect encourages you to look at your organization’s culture and see if it encourages security awareness. Do people know what to do when faced with a possible cyber attack? Are they rewarded for doing the right thing?
The other aspect is Policy. Security-related policies are written documents such as an acceptable use policy for how employees can use the organization’s network and devices. They’re also processes that define and enforce steps that keep your security tight. For example, your process for handling the resignation or firing of an employee should include well-defined steps for shutting down their access to the company network and any logins for company-held accounts. These sort of policies and processes are usually not thought of until something goes wrong – then you wish you’d had them all along.
People, Policy, and Perimeter are complementary areas of security that together create a strong defense for your organization. If you’re not sure where to go next, assess how much of your existing defense falls into one or more of these areas. Are most of your security measures only addressing your perimeter? Then maybe it’s time to shore up your People and Policy areas.
It’s 2018 and you can’t just choose one area to focus on though. All of them are critical. Security is challenging. Don’t let lack of expertise, training, resources, or time prevent you from implementing the solutions that you really need though. We’re here so you don’t have to figure it out alone.
You can head to our Security Services page for resources, tools, and a complementary consultation to get you started.
- Ready to jump into the People area? Check out our free IT Security Awareness Training for your staff.
- Curious about building better Policies? Our Breach Prevention Services provide a Security Portal with multiple features, including sample security policies to get you started.
- Still concerned about your Perimeter defense? We can provide performance and vulnerability assessments that can help you analyze your network and which vulnerabilities to address next. Contact us today to learn more!