• Skip to primary navigation
  • Skip to main content
  • Skip to primary sidebar
  • Skip to footer
  • About
    • Secure360
    • UMSA
    • Get Involved
  • Events
    • Secure360 2021
    • Student360
    • Past Events
      • 2020 Secure360 Twin Cities
      • 2020 Student360
      • 2019 Secure360 Twin Cities
      • 2019 Student360
      • 2018 Secure360 Twin Cities
      • 2018 Secure360 Wisconsin
      • 2018 Student360
      • 2017 Secure360 Twin Cities
      • 2017 Student360
      • 2016 TC Secure360 Conference
      • 2015 Secure360 Conference
      • 2014 Secure360 Conference
      • 2013 Secure360 Conference
        • 2013 Secure360 Conference Speaker Presentations
      • 2012 Secure360 Conference
  • For Sponsors
    • Secure360 Twin Cities
    • Student360 Sponsors
  • For Speakers
    • Secure360 Speaker Details
    • Student360 Speaker Details
  • Blog
  • Nav Social Menu

    • Facebook
    • LinkedIn
    • Twitter
    • Vimeo

Secure360

Struggling to define your organization’s security requirements? Start here.

May 28, 2013 by Secure360 and UMSA

secutiry label on a t-shirtPrepare yourself for a harsh truth; technology cannot always protect you. In fact, a large amount of attacks are aided by a company’s lack of requirements and restrictions, not the lack of the newest software. When creating a security plan you need to build your strategy from the ground up by beginning with finding where threats can come from and defining what non-technology-based barriers you can put in place as a preventative measure.

To ensure you are prepared for an attack from all directions, break security into four categories:

Physical Security

Although you may not think about it now that so much information is kept digitally, it is still vital to protect your physical office building. Employees feel safe inside the office and tend not to be concerned about leaving around documents containing confidential information; why would they if everyone in the office has access to the information anyway? But, what if you are not properly restricting access to your office? It would be very easy for someone to come in, take a picture of the important information, and leave.

Physical security requires that you know who is in the building at all times. Employees should use key cards that only allow them access to where they need to be and guests should be given badges to identify them and require an escort. Don’t ignore this category of security. It would be bad for business (and kind of embarrassing) if you invested time and money in digital security and an attacker stole from you using information they grabbed off a desk.

IT Security

Yes, IT security contains components that are not necessarily technology based, and the most important of those components is restriction. This idea is simple – don’t give everyone access to everything. How you go about giving people access to only what they need is up to you. You can simply avoid giving some people access to a server, or create separate servers for each department.

Cyber Security

Cyber security relies so much on employees making smart decisions online that it could be beneficial to write up a separate cyber security plan in layman’s terms to distribute to employees.

Cyber security includes teaching employees the importance of password protection, avoiding making transactions over public WI-FI, remaining vigilant about watching for spam emails, and the rules surrounding BYOD. This sounds very straight forward, but many people are still ignorant to the importance of cyber security and hold the “it won’t happen to me” mentality; in fact, “password” is still the most common password. Don’t ever assume that people know the rules of cyber security – teach them all, even the most basic.

Records Management

Records management is where you will likely get the most push back from employees. If you want to protect your records, you need to regulate what format they are in, where they are kept (paper and electronically), who keeps them, how long they are kept for, and what happens to them at the end of their life-cycle.

This is a big task, but if you allow duplication of confidential information, storage on unsecured servers, or improper disposal, you could be setting yourself up for an attack.

All of the above security measures may seem like common sense to you, but you are a security expert; many of the people you are managing know only as much about security as your teach them. Take the time and effort to tackle these non-tech, educational preventive measures and we bet you will be pleasantly surprised at the decrease in security issues.

Filed Under: Business Continuity Management, Physical Security, Cybersecurity, Professional Development, Risk and Compliance

About Secure360 and UMSA

The Secure360 and UMSA team is made up of professionals in the security and risk management industries. Topics of expertise range from physical security, IT, risk management, cybersecurity, cloud, information security and records management.

Reader Interactions

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Primary Sidebar

Categories

  • Uncategorized
  • Guest Posts
  • Business Continuity Management
  • News and Events
  • Physical Security
  • Cybersecurity
  • Professional Development
  • Risk and Compliance

latest tweets

  1. Secure360 Conference
    Secure360 Conference: We are honored to be listed on the Top 20 Cyber Conferences for 2021 -> https://t.co/MnrQ3E5ifw
    about 7 hours ago

  2. Secure360 Conference
    Secure360 Conference: Fascinating stuff about the shift from brick & mortar to e-commerce, from Diamond Sponsor @cisco! https://t.co/4GaYGQKZ1a
    about 2 days ago

  3. Secure360 Conference
    Secure360 Conference: Seize the opportunity in the post-covid world to create a DevSecOps culture. Read how in a blog post by #Sec360 Gol… https://t.co/Hk5HrDRtcP
    about 2 days ago

Footer

Contact

For more information about UMSA events, contact: Marie Strawser

Email List Signup

Join our email list for monthly Secure360 news and updates!




Join our tradeshow email list for updates on sponsorship opportunities and upcoming exhibitor deadlines.

Sponsored by:
© 2021 Secure360. All rights reserved.