I totally understand why we need Security Awareness Training. Use better passwords, be careful surfing, etc. But how do you implement cybersecurity, really?
User training is fine, but it leaves me wondering if maybe we built systems that aren’t safe enough. Instead of warning people not to cut their hands on the meat slicer, maybe we should redesign things to keep the blade out of the way.
Cybersecurity comes down to three important areas:
These three items, sometimes called the CIA Triad (no, not that CIA), can be in conflict. It’s possible to lock things down so hard that people face delays getting the data. It’s possible to prevent edits by the very people who need to modify that data.
The approach to these three things is changing. We used to worry about putting data in a safe place and then controlling who can read and modify it. Today, we need to worry about what happens to data as it moves out of that safe place into the hands of people who will work with it.
There are some good technologies out there to manage rights as data moves inside and outside your company. Too often, these technologies aren’t included in our tools or integrated into our workflow.
Tomorrow, we talk about the risk tolerance of the firm and how it affects cybersecurity.
I’m Carter Edmonds with 20CREEK. We help you build IT you’ll brag about.
Episode #50 – 2/18/2019