Beyond your personal experience with security, the environment you are trying to protect also shapes your security requirements.
For individual security, this means the difference between protecting an occasional internet user from phishing attacks, and protecting a high-net-worth individual while they frequently trade stocks online. This difference in circumstances will change all aspects of your security approach—the risks you face, the impacts if they were to be exploited, and the processes, actions, and technologies you can use to manage the situation safely.
For those of us protecting businesses or other organizations, the field in which we work makes a big difference too. Whether you are in the finance sector or retail, non-profits or high tech—our industry, size, profile, and the types of data we handle will change the risks we face and the standards we are required to meet.
Whatever your environment or context, understand and work with where you are now. By working on the risks and requirements that are truly relevant to you, you are able to focus your time and resources to reduce the likelihood of security incidents in a meaningful way.
As your environment or business changes, the associated risk may change too. Be sure to review your context regularly, and don’t be afraid to change your security approach as the world around you changes. For example, if your organization grows, the risks around it change.
Balance Technology and People
When we are approaching security for the first time, it can be daunting. Not only is there a lot to think about and cover, but many of the actions we need to take are associated with technologies or technical concepts that we may not be familiar with. Depending on your background and the role you play in your company, these can be a real challenge. It can be easy to dismiss security as something you can handle when you are technical enough or when you hire someone who has that specialist knowledge. In reality, sometimes it’s that delay or reluctance that makes us the most vulnerable. There is no right time to start security or perfect skill set that prepares you for it. The sooner we get started, the more small steps we can take to reduce our risk.
While technology has a role to play in securing our data, people, and systems, it is only part of the picture. Security requires us to balance technology, processes, and human actions to change the way we face situations that could cause us harm.
For example, take malicious or phishing emails. Buying a mail security product can feel like the answer to our problems. It should block suspicious email from reaching us. However, it takes more than buying a tool for this to work; without policy and process to configure and maintain that new tool, it will not prevent malicious email.