If it feels overwhelming, start small.
When I work with companies, the first thing I like to do is create an environment of open sharing of information (obviously, this should be a limited group of trustworthy individuals) and begin by asking questions in order to gather information.
In the context of a Security Assessment, for example, I start by asking a bunch of questions. And right off the bat, based on this input and information, I am able to provide solid advice that's helpful, useful, and actionable.
In my experience, some basic information and tools can deliver an extremely high payoff.
For example, you may have certain settings on a particular server, and because they have been that way for many years, it may never have dawned on you to change them. Based on the information we have gathered, as well as changing environments, I may recommend you change them.
Or perhaps you don't have any policy in place to address information security. We can absolutely recommend a good place to start. You don't need to reinvent the wheel and you don't need to spend a fortune; there are basic things you can be doing to at least start increasing your security. Some smart first steps I recommend are taking advantage of the Center for Internet Security (CIS) Controls and instituting multi-factor authentication (MFA), which can automatically reduce your risk of intrusion by over 80%.
The truth is that you can be proactive and still have an event. And the end result could not only involve a loss of confidence, but the loss of business and the loss of your good reputation. It may be enough for your customers to choose to do business elsewhere instead of with you. Now more than ever, we need to take cybersecurity seriously.
Once you’ve addressed these issues, you’ll want to look at who has been assigned responsibility to manage your security and what simple protocols are protecting your security.
Part of my passion for security awareness is helping the industry understand how they need to think about security. It needs to be a dedicated function. The topic is a very broad one. It's often been joked about as being a mile wide and an inch deep. But security is not a one-and-done thing. The people who are involved in information security need to be vigilant about continuing education. I have a Certified Information Systems Security Professional (CISSP) certification, which is an information security certification for security analysts. I recommend encouraging your team to earn these credentials as well, as a CISSP will assure that they have what it takes to effectively design, implement, and manage a best-in-class cybersecurity program.
If you aren't sure about internal bandwidth, or you want a stronger, more aggressive approach, outsourcing your security to cybersecurity experts can offer you the support to address your most challenging data protection problems at any stage of the security management lifecycle.
An IBM i Security Specialist can assess the effectiveness of your system's security through:
Certified security companies, like Briteskies, can evaluate your IT security infrastructure and identify the best way to set up threat remediation and disaster recovery plans. We work with clients to improve their overall information security posture. Our goal is to help clients safeguard their systems from internal and external threats. We're all in this together and a more secure business makes for a safer cyberworld for all of us.
As an experienced IT and security professional with a broad range of business experience, Robert is a key player in our customer-centric team. With nearly 30 years of experience, he has championed information security at the forefront of every IT client's needs. He believes that an effective security program is an "arms race" and good communication is a must at every level of an organization. Robert brings personal integrity and a personal toolset that includes attention to detail, a mindset for never-ending learning, and strong people skills.