Why it is Important to Manage Your IT Security


Rogue ‘actors’ are using the remote agents provided by your information technology (IT) service to attack your business. It was only a matter of time! 

So, what’s the background? IT service providers use remote tools to support the systems that businesses use. These tools range from helping users contact IT support right through to monitoring the operation of the physical hardware. They provide significant benefits to the IT business: they reduce the cost of delivery and increase revenue for the IT service providers.

These tools are usually part of any service provider solution. You may not even remember that you agreed to the tools being used in your business. It doesn’t matter how small the provider is; most use some sort of remote support tools.

These tools come from what IT calls ‘Professional Services Automation’ (PSA). Some are based on single-function tools like remote support or virus or spyware tools. Any ‘agent’ that is delivered by a hosted service through a PSA supplier is vulnerable.

 Why is it important to manage your IT security?

  • Protect the trust of your partners.
  • Secure your intellectual property (IP).
  • Let clients know you value their business.
  • Add to the business’s competitiveness.

An efficient and effective business needs to:

1. Have a security statement for your business.

2. Know who accesses your network and how.

3. Action lost or stolen passwords.

4. Know what services are being performed from the outside.

5. Keep your partners aware of your network security.

In order for you to get the best results from the policy document.

What are the business owner’s responsibilities?

Well, you need to have a policy! The policy needs to describe the ‘what’ and ‘how’ of an IT service working with your business.

Now, this is not a 10, 20 or 50-page document that sits on the office shelf gathering dust. The document needs to be about two pages: one page to identify the areas where your business has information needs, and a second page for what the actions are and how they are to be applied.

A recent discovery of a problem has prompted responses from security agencies. In Australia, the agency is the Australian Cyber Security Centre (ACSC), a division of the Australian Signals Directorate.

How to create a security culture in 3 steps.

Step 1: Assess.

  • Software.

What is used or needed in the business; desktop/server, accounting, staff management, and human resources. How are customer communications, product supply, and distribution delivered?

  • Storage.

Types of technology; desktop/laptop/tablet/smart device. On what platform are your internet services? Possibilities include wide area networking, mobile broadband or shared private. Where is the data for your business needed and located, in-house, cloud or hosted application?

  • Security.

This is a risk assessment activity. Some industries automatically come under the Notifiable Data Breach rules. For other industries, it is the information you hold about clients that is important. What software you use and where your data is held, from the Software and Storage points above, is useful in this process.

Also, what’s required: Who installed and manages your network security? What antivirus and browser software is in place and who manages the service? Does your business provide training and coaching?

Step 2: Align.

  • Purpose.

For each of the 3 assessed areas, how are the services, tools, and data used to serve the business?

  • Function.

Which components of the assessed areas deliver key operational services?

  • Integration.

How do the assessed components integrate with the business processes? Which are the most automated, and which need manual actions?

Step 3: Apply.

  • Priority.

This is a function of which security components are needed.

  • Delivery.

Describes who is responsible. What components are delivered and who is responsible?

  • Measure.

Measurement of the performance of the components. Show the results of the performance of the services delivered. What are the industry benchmarks for the services?

What to do next.

Review the documentation from the ACSC, concentrating on the “Questions to Ask your Service Provider”. These will also apply in-house if you are securing your own business.

The problem with ‘self-management’ is keeping up with the current incidents.

The key factors:

  • Your best practice.
  • Access to your systems.
  • Social engineering of your staff.
  • Backing up your data.
  • Knowing how to report your incidents.

Further information on self-managed alert services and best practice updates can be found at the Australian Signals Directorate site.

If you would like assistance with your business’s policy, please feel free to visit my website, where you can access a free copy of my self-generating 2-page policy template.
