
Struggling to define your organization’s security requirements? Start here.

May 28, 2013 by Secure360 and UMSA

Prepare yourself for a harsh truth: technology cannot always protect you. In fact, a large number of attacks are aided by a company’s lack of requirements and restrictions, not the lack of the newest software. When creating a security plan, you need to build your strategy from the ground up, beginning by finding where threats can come from and defining what non-technology-based barriers you can put in place as a preventative measure.

To ensure you are prepared for an attack from all directions, break security into four categories:

Physical Security

Although you may not think about it now that so much information is kept digitally, it is still vital to protect your physical office building. Employees feel safe inside the office and tend not to be concerned about leaving documents containing confidential information lying around; why would they if everyone in the office has access to the information anyway? But what if you are not properly restricting access to your office? It would be very easy for someone to come in, take a picture of the important information, and leave.

Physical security requires that you know who is in the building at all times. Employees should use key cards that only allow them access to where they need to be, and guests should be given badges to identify them and require an escort. Don’t ignore this category of security. It would be bad for business (and kind of embarrassing) if you invested time and money in digital security and an attacker stole from you using information they grabbed off a desk.

IT Security

Yes, IT security contains components that are not necessarily technology-based, and the most important of those components is restriction. This idea is simple – don’t give everyone access to everything. How you go about giving people access to only what they need is up to you. You can simply avoid giving some people access to a server, or create separate servers for each department.

Cyber Security

Cyber security relies so much on employees making smart decisions online that it could be beneficial to write up a separate cyber security plan in layman’s terms to distribute to employees.

Cyber security includes teaching employees the importance of password protection, avoiding making transactions over public Wi-Fi, remaining vigilant about watching for spam emails, and the rules surrounding BYOD. This sounds very straightforward, but many people are still ignorant of the importance of cyber security and hold the “it won’t happen to me” mentality; in fact, “password” is still the most common password. Don’t ever assume that people know the rules of cyber security – teach them all, even the most basic.

Records Management

Records management is where you will likely get the most pushback from employees. If you want to protect your records, you need to regulate what format they are in, where they are kept (on paper and electronically), who keeps them, how long they are kept for, and what happens to them at the end of their lifecycle.

This is a big task, but if you allow duplication of confidential information, storage on unsecured servers, or improper disposal, you could be setting yourself up for an attack.

All of the above security measures may seem like common sense to you, but you are a security expert; many of the people you are managing know only as much about security as you teach them. Take the time and effort to tackle these non-tech, educational preventive measures and we bet you will be pleasantly surprised at the decrease in security issues.

Filed Under: Business Continuity Management, Physical Security, Cybersecurity, Professional Development, Risk and Compliance

About Secure360 and UMSA

The Secure360 and UMSA team is made up of professionals in the security and risk management industries. Topics of expertise range from physical security, IT, risk management, cybersecurity, cloud, information security and records management.
