CEO series: Are there any consequences for ignoring IT security?
(Last updated on May 3, 2019)
A month doesn’t go by without new reports of companies and organizations suffering from data breaches. Unfortunately, this is just the beginning. The frequency of data breaches is on the rise, according to many analysts.
Everyone agrees that IT security is important, but still many organizations fail to do enough. What happens when security is compromised? Far too little in my opinion. Regulations, and the consequences if you fail to follow the regulations, haven’t kept up with the speed of digitalization. Organizations skip fundamental IT security measures year after year.
What’s missing from governmental and standards bodies today is consequences. The only consequence that has any impact is whether or not the company, organization, or individual makes media headlines due to their security missteps.
The lack of regulatory consequences means that organizations must proactively tackle IT security issues. My best advice is a reminder that it’s the small details that make all of the difference. Many focus on the large, complex IT projects. But security holes are often small and best tackled by focusing on the small foundational aspects of security. It’s the foundations that protect an organization from a data breach.
Most data breaches start when an attacker compromises an employee’s identity. This is also the best place to start when preventing data breaches. In an earlier blog post I mentioned a simple health check that shows the level of password protection your password policy provides against cyber-attacks and how to check if your email addresses and passwords are on leaked lists.
Ignoring security vulnerabilities should have serious consequences, even if it doesn’t become a media scandal. Some governmental agencies are drafting regulations and good recommendations that you can proactively follow. For inspiration I recommend the requirements from the National Institute of Standards and Technology (NIST) as defined in their Digital Identity Guidelines, or the National Cyber Security Centre in the United Kingdom, which provides tangible cyber security advice for companies and individuals.
With just a few simple steps, you can avoid 80 percent of data breaches – so, what are you waiting for?