The same way that we listen to accountants, solicitors and motor mechanics, the digital security expert has an important role to play in supporting your organisation.
Digital security is becoming one of the most important areas of modern business.
For some reason we believe technology in business is easy. So easy, in fact, that we just install it and forget about it.
Anyone can do it.
Like other professions, what you do and what you can do are total opposites. An accountant, for instance, can make you more money by legally changing your tax requirements, or a solicitor can get you a reduced fine or jail sentence better than you could if you were representing yourself.
So a digital security expert can make your organisation more secure because they have studied business and technology, but more importantly they have a better understanding of what the bad guys are doing.
Here are 17 ways that a digital security expert can make your organisation more secure:
- They study the bad guys – being a digital security expert is not about selling the next best thing (if there is such a thing). Being a digital security expert is more about understanding your enemy. The more you study the cybercriminal, the better you get at predicting their next move and staying one step ahead.
- They keep abreast of what the bad guys are doing – digital security experts use the same world that the cybercriminal uses to perpetrate their trade. They are in the dark web, watching, recording and documenting what the bad guys are going to do next.
- They understand business requirements – what most people do not understand is that the digital security expert has to understand business. They have to understand marketing, management and cash flow. They need this information to ensure the recommendations that they give to their clients will not impact their business, or have minimal impact on the way business functions.
- They understand technology – in most cases a digital security expert is at the same level of technical understanding as the bad guys. To ensure that your business is not vulnerable to a cyber-attack they have to know the technology to ensure it is safe.
- There is no such thing as being too small to be a target – if you have a digital footprint (yes, we all have one), no matter how small, then you are automatically a target of cybercrime. If you have a smart device, an email address or an Internet connection then you are a target.
- There is no such thing as 100% secure – contrary to popular belief, there is no such thing as being totally secure. The digital world is ever changing, and so are the tactics, strategies and targets of the cybercriminal. There is always someone else out there who knows that little bit more.
- Everyone is a target – if you have a smart device – you are a target. If you have an email address – you are a target. If you have a web site – you are a target. The larger your digital footprint, the bigger the target you are, and the more your footprint will be targeted by the automated systems that are sold by the criminal gangs.
- Technology is not the only answer – there are four components of being secure in the digital world. Technology is one of them. The other three are management, adaptability and compliance. All four components together make a more secure environment than just technology alone.
- People are your best defence – your staff and users can be either your best defence or your biggest problem. If you educate them with proper digital hygiene then you will not only get them to protect themselves but also the flow-on effect is that they protect your organisation.
- Complex, unique and long passwords are good for business – we all hate these. To access the digital world we need a username and password combination. The more we rely on the digital world the more important these components are. All passwords should always be complex (letters, numbers, symbols, capitals), more than 8 characters long and they have to be unique for each site. That’s pretty easy, isn’t it?
- Penetration testing will prove you have it right – penetration testing is one of the best ways to test your defences. Penetration testing should also be carried out across all components of the business, from websites to cloud infrastructure, from social media to smart devices. A contracted penetration tester should have carte blanche across the whole network. You are not on a witch hunt or targeting the IT department; you are finding holes in your organisation and finding ways to resolve the risks before you are compromised or hacked by the bad guy.
- Think when using social media – social media is great. It is also one of the best systems used for social engineering by the bad guys. Information that is posted to social media sites is there forever. Educate your staff about the dangers of social media. Put a social media process in place to ensure that trade secrets and intellectual property are not posted out there, and each post is checked before going live. In the heated exchange of a social media discussion, think before posting.
- Get paranoid – paranoia is the understanding that everyone is against you. In the digital world this is truer than our normal world. Does that make you paranoid? Not really, but having the understanding that everyone in the digital world is out to get you makes you more secure.
- Use common sense – everyone remembers the old Nigerian Prince scam; people are still getting caught by it. There are a number of things to remember in the digital world – if it is free then it is not (you always have to give something to get something), if it’s free it could be infected with malware, if it’s free somewhere along the line you will have to pay a lot more than what you expected. Using common sense to make that decision is critical.
- Email is a broadcast medium – we often forget that although email is targeted, sent specifically to individuals or groups of people, it can go astray. It could be sent to the wrong person via the email fields being filled in automatically. Email can also be forwarded, printed and scanned, and sent to people for whom it was not intended. As with all types of communication, be careful with email.
- Digital security is a whole-of-business endeavour – we are constantly told that digital security is an IT problem. No, it’s not; it is a whole-of-business endeavour. Everyone and every department has an impact and input on the digital security of the organisation.
- Have a mantra – I have a mantra: “digital security is my problem”. What that means is that I take personal responsibility for protecting myself and protecting others. The more people who change their attitude to this mantra, the more secure your organisation will be.
A digital security expert can and will make your business more secure and like any other profession, what they bring to the table is well above normal expectations. Like accountants and solicitors their expertise can save you substantial amounts of money, sleepless nights and angst, just by them doing their job.
Roger Smith is the CEO of R & I ICT Consulting Services, Amazon #1 selling author on Cybercrime, author of the Digital Security Toolbox and author of the SME digital security framework. He is a Speaker, Author, Teacher and educator on cybercrime and how to protect yourself from the digital world.