Every company should have someone managing its IT, whether that’s an internal person or an IT company you hire to handle it for you.
Every company should also have someone managing their security.
Because security and IT are not the same thing.
Think of it this way: While you work with a general contractor to build or remodel a house, it’s the architect that designs a safe one.
When you’re in IT, your job is to build systems and maintain them. When you’re in security, your job is to look for all the ways that the “bad guys” might get in. The two fields have some overlap, but they’re not the same.
Here’s an example. We brought in a new client and, as we reviewed their systems, we discovered one of their computers was actively under attack.
It turns out their IT company punched a hole through their firewall to allow a particular type of traffic to a single computer. They didn’t realize that doing this would jeopardize the entire system and network. They weren’t thinking like security people; they were thinking like IT people. Someone had a problem (they needed remote access to a computer) and they solved the problem by giving it to them. Insecurely.
In the corporate world, security professionals are the folks who assess the risk of decisions and find ways to do things securely; IT professionals are the ones who implement them.
I mention this because a lot of companies believe they’ve got their security covered because they have someone handling their IT. Unfortunately, this is usually not the case. And I’m not trying to slam IT professionals; they’re awesome, and I was one for a very long time. But we all see the world through different lenses, and we have different training, experience, and focus.
Your company needs someone managing your IT and your security. If you don’t have someone dedicated to looking for the things that can go wrong, you don’t prepare for them. And if they do happen, you’re suddenly in what can be a very serious, if not catastrophic, situation.
Here are 4 tips to keep your company’s systems secure:
- Think about security in every aspect of your business early and often with every project you develop, including websites, apps, networks, platforms, products, etc. Engage a security person to help you think through all of your systems to avoid situations that could harm your company, your customers, and others.
- Ask questions to understand how your systems are secured.
- Be prepared and have a plan. What will you do and who will you call if your systems have been attacked or breached?
- Train all of your employees to think about these issues, so they recognize them if they happen. Humans are the first line of defense!