Thursday, October 09, 2008

Blue Suit, Red Cape and Red Boots

No doubt about it, things are getting tighter. Even with the volume off, the TV has a streaming litany of financial woe in a never-ending flow from left to right at the bottom of the screen. And you don't need Jim Cramer to remind you; your customers are letting you know, as is your screaming bottom line.

At the same time, your work day and productivity are being strangled by more regulation, more rules and more requirements for security. Even beyond the regulatory considerations, you really do want your clients' data as safe as you can make it. It is part of the reason you got into this business, along with the Truth, Justice and the American Way stuff. But how to catch that speeding locomotive with all these chains around your ankles?

The first step is to develop the security mindset. Like so many other things, security is not a destination, it is a way of thinking. The same instincts and habits that make you rattle the back door after locking up can serve you with many information and data security issues as well. You are not locking the back door because you expect an intruder. You are prudently making it a little more difficult for the eventual intruder that someday will check your back door. Similarly, you are not protecting your data against a specific bad guy, but instead building an array of defenses so as to make your operation as unattractive to data and identity thieves as possible.

Make certain that your employees have a grasp of the basics and are incorporating them into the work day. Passwords should be routinely changed, and not written on Post-it notes or shared. Callers who ask for information about internal systems should be clearly identified, or better yet referred to a designated person. That designated person should be the office go-to person for all basic security questions, and well-briefed as to possible vulnerabilities and how an exploitation might present itself.

New and even more stringent regulations are on the way. How you keep your clients' data safe is going to be a problem that rests on your shoulders. You can spend a fortune building new, secure systems, or you can temper that spending with better training and looking at alternate ways of handling your data, such as on-line hosting, where the back-end security is handled for you. This combination can be a cost-effective way of providing improved security without having to leap any tall buildings.