I know that this sounds like a radical idea, and in the cutthroat business world it may not be practical. When it comes to protecting business data and your client and customer information, any help can be a blessing.
IMHO (in my humble opinion) all businesses need help in producing some sort of cyber security blueprint for a business. Yes, some businesses have the internal know-how, but most do not. The introduction of government compliance requirements, the changes to technology and upgraded risk management processes over the last 10 years have exacerbated the internal requirements for small and medium businesses and not-for-profit organisations to protect their information. Most of the time they are playing catch-up.
The main problem with cyber security is that the bad guys are well organised. Not only that, they are also targeted, numerous and in most cases have a better understanding of the technology that is being deployed by businesses to perform business functions.
One of the biggest benefits of being organised is that they communicate very well. They use chat rooms, blogs, Twitter and numerous other communication systems to keep in contact. They also use these systems to inform the rest of the community about vulnerabilities, attacks and successes. Some are only “counting coup”, but others are doing it for philosophical, political or monetary consideration, and these are the most dangerous.
So how do we, the good guys, get organised?
In most cases we need a similar communication system that keeps us informed of changes in technology. This communication system can also use Twitter, chat rooms and other Internet components to gain insight into what the bad guys are targeting, what and who they are trying to access and what vulnerabilities and processes they are using to gain access.
I know that most small business owners and management in medium businesses and not-for-profit organisations are already too busy, much too busy to have this additional time drain on their books, but there are simple ways that you can be better informed.
Try to find a custodian or curator of security information. This is someone who is willing to give you the information, pass on changes in the threat environment or blog about how you can protect your business. This information should be passed on as soon as it becomes available. There is a fine line between information overload and not enough, so you have to put some level of filtering in place, and this can be done with the custodian. Not to blow my own trumpet, but follow me on Twitter and I will do my small part to keep you informed.
We also need a whole-of-business security system that creates a more secure business environment. This makes it harder for the bad guys to gain access to the information that they are targeting. This is an attitude and culture change; it includes the marriage of technology, management and adaptability to create a compliant and resilient business.
This allows a business to focus on business. The resilience created through this process will allow a business to notice internal changes to information and data and make educated and informed choices at a management level on what is happening. These choices can not only solve problems but can also be beneficial for an organisation by allowing business opportunities that were not seen previously.
Once you know what is happening in the dark and gloomy cyber criminal world, you can keep yourself informed and protected so that they attack someone who is less informed and an easier target. Cyber criminals can be like anyone else; they will always go after the easiest target. This easier target could well be your competition, making your business more profitable.