Well, let’s think about this for a bit. Virtually all business run on data, particularly in the US. Data of employees, data of customers, financial data, data on strategies and planning, procedures and policies, marketing data, and on and on. We know this data has to be protected. And we do protect it well sort of. We have a firewall, that we bought; oh we really don’t know where. And we really don’t know if it is effective. We may have some password rules and procedures on our servers, and users are required to have maybe some antivirus and anti-malware protection on them. We may even be advanced and have an active device that looks for threats in our network like an intrusion prevention solution. These may have been installed by your IT guy if you have one. Or maybe a security vendor or a subcontractor but that is somewhat average for the typical corporate IT system and its security.
Needless to say, this is simply not enough. The average American corporate IT is really only implementing the most basic, rudimentary, and many times outdated, security for their system. And the scary thing is the bad guys, the black hats (the guys that are after your data and your livelihood) they have the latest and the greatest. And they keep updating it and refining their technology and skills. While we occasionally get contacted by a vendor. They are usually just trying to sell us a newer version of what we already have. But we really don’t do much about this situation because we are too busy. Or we are understaffed and can barely keep up with the IT workload we currently have. And if we do the IT guy is not a security expert so he does his best and we, in turn hope for the best. Or even worse we don’t even know and we’re just blindly trying to protect ourselves.
But how are you supposed to know who’s going to help you? Do you use a qualified experienced security vendor to help you evaluate and implement a good security solution? A security consultant or a security company? Even more important. What is your security posture? Because this is what got you into this weakened state in the first place. Your security policies are probably not defined and given much attention. What about your security policies? Do you have any? Have they been attended to by high-level people in your company to make sure you are air tight, effective, and protective? This is why a competent security vendor can help. They will help you prepare your company for a host of potential security threats out there. And they cover all the areas we just talked about. Don’t wait until an attack to do something about it.