Physical and cyber security are pressing concerns, not only for CIOs and business owners but also for people working in development. It’s the law of gravity at work. What presses on leadership and stakeholders ultimately places pressure upon us.
We could grumble and complain, or we could take a proactive approach. By learning about the security concerns, we’re able to provide and manage solutions that better meet needs and better mitigate risk.
According to Cyveillance, a thought leader in cyber security since 1997, those concerns are generally three: external threats, internal threats, and the link between physical and cyber security.
Let’s look at each in more detail.
External threats may be fairly obvious. One part of it is hackers and malware mavens. It’s the bad actors who spend their days, and perhaps nights, devising new ways to attack a company’s infrastructure. Those plans are mostly digital, but they can leak into the physical realm.
The other part is external devices. People are bringing all sorts of devices into the workplace, resulting in the world of “shadow IT.” The action isn’t done with malicious intent, but the devices can be turned into rogue agents by the bad actors.
Tip 1: Use data to identify security gaps, i.e., perform a threat audit. Use the findings to improve infrastructures, processes, and best practices. Then monitor the results and respond to changing conditions as needed.
Tip 2: Know what devices are entering the building. IT should establish protocols and guidelines at the outset. They should also establish perimeters for those devices. For instance, some devices may only be allowed to access the guest network. This is just a starting point; there are other tools out there including mobile device management and application (API) governance.
Internal threats can be done knowingly or unwittingly. The former includes purposeful leaks. It’s the Trojan horse performing its function superbly.
The latter has to do with security practices. It’s easy to forget to use strong passwords or to update them regularly. The same goes for updating software and APIs. The employee has the intention of updating everything and changing her passwords, but she gets busy doing what she’s supposed to be doing: working.
Tip 1: Again, know where data is going and how it’s being used. This requires constant vigilance, but it’s the only way to monitor threats and respond to a security event before it happens.
Tip 2: Work with IT to develop regular meetings about passwords and other security measures. Suggest implementing two-factor authentication where it makes sense. Make updating passwords and apps seamless, for instance, requiring users to make changes before being able to access their accounts. Whenever possible, remove the number of steps needed to ensure safety and security. You’ll quickly see measurable improvement in the adoption of security best practices.
Linking cyber and physical security
If you work in access control or identity management, the link between cyber and physical security is both a given and an absolute must. How can a business promise safety and security if it doesn’t know who’s in the building, where, and when?
Tip: We once again turn to data. By monitoring workplaces with cloud-based access control and video surveillance, data can be harnessed and used to drive decisions. We can identify security gaps and fill them. Businesses can be monitored in order to stop potential security events from ever crossing the physical threshold, breaching the company’s infrastructure, and putting physical assets, employees, and data at risk.
What are you doing to solve security concerns? We’d love to hear your thoughts either here or on Twitter (@BrivoInc).
The post How to respond to tomorrow’s security threats today appeared first on Brivo.