Security is a really hot topic right now.
Events like NHS cyber-attack in May, remind us that security must be an intrinsic part of each and every technology implementation.
Deciding on the right level of security for your business can be an emotive topic which may increase the stress levels of already busy people, and most will immediately think that the right technology will solve their security problems.
However, security is not just a technology discussion; security is a business discussion.
I am not going to recommend a specific software, hardware or process to solve your security needs. I would like, instead, to give you my perspective, a high-level observation, which can help you make the right choices; and here is the first thing: deciding on the right security solution is a compromise.
Also, you will not be deciding whether or not to protect your system from cyber-attacks, you will actually be making decisions about the right the level of risk, the cost of the solution and ease of usability of the process. You will be making a compromise.
For example, you can have a high security with the low cost if you disconnect all your devices from internet and power and lock them in a safe; great security – unusable business solution.
Realistically, you will need to consider risk, cost, and ease of use jointly to decide upon the optimal blend for you and your business. These considerations need to be made across all areas of your business.
What is the risk level I/my company can accept in a particular area?
What is the cost level I/my company can accept in a particular area?
How easily will this integrate into existing procedures?
The complexity of the correct solution becomes even greater as you also need to evaluate security risk in your specific business in conjunction with three more areas: technology, process and people.
Any solution also need to work in your specific business environment where you might have different people using the same technology for the same purpose, or the same people using different technologies for different purposes, the permutations are almost endless, and when coupled with a diverse level of security awareness within your team you will quickly see that there is no “one size fits all” solution.
It is common sense, but not always common practice.
Security is a risk evaluation decision.