How to avoid a data breach or There is always a way round your security, you just have to think like a criminal!

Data security is an essential expense of doing business in the new world.   The cost of implementing the right protective measures far outweighs the cost of recovering from a breach.   An Interesting statistic is that most small and medium business and not for profit organisations only look at cybersecurity after something has happened.   That something can be as small as an internal email being posted on Facebook or a full blown data breach where your Intellectual property has been stolen or you bank account has been emptied.

To avoid being in the situation of playing catch up after a data breach, organisations need to put in place a framework that includes the following components:

  • Technology
  • Management
  • Adaptability
  • Compliance

Each section is as important as the others but having all four components in place builds a robust, stable, secure and resilient environment for the organisation to do business in.   The components protect the organisation from internal attacks, external attacks and basic stupidity.   It builds and creates a holistic (I hate that word – always reminds me of tree huggers) environment for you to do your business in.

So, in most cases there is no play book that you can take your lead from when it comes to securing your environment.   Each vendor has their own version of the supreme widget that will protect your business, but most of them are all focused on that particular niche or two in the security of your business.

One of the supreme problems is that the security requirements change, sometimes daily, but change they will.   These changes can make that supreme widget obsolete, because the criminals including the ones you may have on staff have a way round, through or over the protections it is supplying.

In addition to this, you need to assign important Business resources to keeping up with the changes, implementing better protections and keeping ahead of the rat pack.  Business security is a wholly reactive process.   You cannot predict where the next attack vector will come from, yes you can make educated guesses but at times these could be wrong, but you need to set up the “just in case” systems to protect yourself.

Building better security can protect your business, you client information and your staff.   It can make sure that your system have the right levels of risk management incorporated into them and how you can recover from something devastating happening.

But, and this is a big but, there are always ways around the defences that you deploy.   Just remember how Hitler went around the French Maginot Line, that can happen to the most prepared defences.   The best way to protect your business is to ensure that if one system is compromised that there are other defences in place that will reinforce your protective features.   Your “Onion” has always and will always be your best defence.   Protection in multiple levels, integrated into a complete protective system for your organisation.

Roger Smith, is an educator. Teaching students at ADFA (UNSW) and showing them how vulnerable they are to cybercrime.

He is also CEO at R & I ICT Consulting Services Pty Ltd, an Amazon #1 author on Cybercrime and founder of the SME Security Framework. He is a Consultant who specialises in inexpensive and highly effective security strategies for small and medium businesses and not for profit organisations.

He has developed and authored the SME Security Framework and the Security Policy Training Course which are considered to be the definitive guides to helping SME's protect their organisation using the principles of Technology, Management, Adaptability and Compliance.