IT & Security? Not The Same Thing

Every company should have someone managing their IT, whether it’s an internal person or an IT company you hire to handle it for you.

Every company should also have someone managing their security.

Because security and IT are not the same thing.

Think of it this way: While you work with a general contractor to build or remodel a house, it’s the architect that designs a safe one. 

When you’re in IT, your job is to build systems and maintain them. When you’re in security, your job is to look for all the ways that the “bad guys” might get in. The two fields have some overlap, but they’re not the same.

Here’s an example. We brought in a new client and, as we reviewed their systems, we discovered one of their computers was actively under attack. 

It turns out their IT company punched a hole through their firewall to allow a particular type of traffic to a single computer. They didn’t realize that doing this would jeopardize the entire system and network. They weren’t thinking like security people; they were thinking like IT people. Someone had a problem (they needed remote access to a computer) and they solved the problem by giving it to them. Insecurely.

In the corporate world, security professionals are the folks who assess the risk of decisions and find ways to do things securely; IT professionals are the ones that implement them.

I mention this because a lot of companies believe they’ve got their security covered because they have someone handling their IT. Unfortunately, this is usually not the case. And I’m not trying to slam IT professionals; they’re awesome, and I was one for a very long time. But we all see the world through different lenses, and we have different training, experience, and focus.

Your company needs someone managing your IT and your security. If you don’t have someone dedicated to looking for the things that can go wrong, you don’t prepare for them. And if they do happen, you’re suddenly in what can be a very serious, if not catastrophic, situation.

Here are 4 tips to keep your company’s systems secure:

  1. Think about security in every aspect of your business early and often with every project you develop, including websites, apps, networks, platforms, products, etc. Engage a security person to help you think through all of your systems to avoid situations that could harm your company, your customers, and others.
  2. Ask questions to understand how your systems are secured.
  3. Be prepared and have a plan. What will you do and who will you call if your systems have been attacked or breached?
  4. Train all of your employees to think about these issues, so they recognize them if they happen. Humans are the first line of defense!
