People within management believe that a security policy is this boring mundane obscure piece of minutia that they should do but don’t really want to. They think that “I got a lot on my plate and this is just another inconsequential part of the bureaucracy.” “Besides aren’t we supposed to be streamlining our operation?” Shouldn’t we be more paperless and should we not simplify? Actually, an effective security policy does all of this!
Security Policy Is Essential
A cohesive and effective security policy is the architecture to how you are going to protect your company’s data. Yes, it can get boring sometimes having to put into policy what you want. But if you don’t do this it could mean dire consequences for your companies data. During the 9/11 attacks on the World Trade Center in New York, Mayor Rudolf Guilani had a plan, a plan on how to deal with the disaster. And this was a disaster of unprecedented proportions. It was such a destructive attack that not only did it completely destroy two of the largest buildings in the world. But it also leveled the New York city command center forcing the Mayor and his staff to flee down the street with everyone else.
But they had a plan. They were shaken and dazed and crippled. But at least they knew how to proceed. The death toll was awful, and can never be forgotten. But all you have to do is look at much smaller disasters in other parts of the world. Where they have no plan and no way to respond to know the alternative is much much worse. If there is an earthquake in San Francisco it is a disaster and 100 people may die. They have a plan they can respond. If you have an earthquake in Peru, thousands die. And it takes years to recover.
Don’t Put Yourself At This Risk
Most likely you will never experience anything this severe. But this type of calamity illustrates the importance of being prepared. Don’t be in that situation don’t put your people in that situation don’t put your company’s data in that situation. Be prepared. Be aggressive, be ahead of the game. Sure it’s going to cost some money but the alternative is much more expensive. You should care because this is the responsibility of leading your organization. Yes, it can be mundane, that’s why you utilize expertise to assist. There are two choices be ready, and be safe and when something does happen you can respond quickly and effectively. Or do nothing and we know how that goes. The difference is in most of these examples you will never have to encounter. But in our Cyber world, something will eventually happen. It’s not if but when.