For this second installment of my three-part series, ”The 3 P’s of your Company’s Security,” let’s look at Products (the first piece discussed People: www.securityinfowatch.com/12094874). As the three Ps of security begin to align — you must have the right “people” in your professional network in order to ensure you have access to the right “products.”
In thinking about how to make our workplaces more secure and mitigate security breaches at our companies, the “product” portion is probably the thorniest part of this discussion. What products and services do we need to employ to better protect our own company? Equally as important, what do we need to know about the security of the products and services we sell to our customers? To sum it up simply, we need to surround ourselves with both trusted advisors and trusted providers.
In the not too distant past, when we talked about a company’s security product requirements, it was almost always a physical security discussion. We needed products that would protect the actual company premises and what occurred within the four walls of the physical building and possibly the parking lot. Security concerns for our own companies basically stopped at our front door. This is no longer the case. Our security concerns extend far beyond the things we can touch and see — they extend virtually anywhere and everywhere.
With the advent of networks and the Internet, the first group of cyber products tended to be all about locks. As Forbes writer Dan Woods put it: “The idea was that a firewall would lock out or stop those you didn’t like from getting access to stuff they shouldn’t be able to see.”
Things today just aren’t that simple. Protecting your company is much more than just firewalls and antivirus software. “Today’s threats come from very advanced, highly-skilled, sophisticated bad actors,” Woods says, adding that to be risk-responsible, “you must develop and maintain a comprehensive cyber security system.”
Investing in Trust
To accomplish the goal of comprehensive cyber security, surrounding yourself with trusted advisors and trusted providers is absolutely key. As a sales manager, my team and I often talk about aspiring to this status in our relationships with our customers. The same concept applies when it comes to seeking cyber product and service vendors ourselves.
Finding experts that you can trust, understanding their input and taking action to make the right product decisions is vital to a company’s continued success. If you don’t currently know of any such experts, look to your peers and other professionals you trust within the greater security community. Who are the thought leaders and educators on cyber? The names that you see in articles, blogs or speaking at industry events are great places to start. Work with known trade groups, industry experts and cyber solutions providers to help your company conduct a thorough security risk assessment and begin to develop an action plan based on those findings.
A recent quote from noted trusted advisor, David Willson, Esq., CISSP, of Titan Info Security Group summed it up best: “As a business owner, CEO, president or board of director, you must look beyond your network, understand your own company security and make sure your connections and those with access to your data are protected. This requires asking vendors and others point blank, ‘How good is your security; what steps have you taken to protect data; and when was your last security assessment or audit?’ If they are not willing to answer these questions or do not do so to your satisfaction, find someone else to work with. Remember though, you may be asked the same or similar questions to get your house in order.”
Next month, I will look at profitability and why it is not just a health indicator of your business, but a security one as well.
Ric McCullough is vice president of sales and customer service for PSA Security Network. To request more information about PSA, visit www.securityinfowatch.com/10214742.
