Compliant does not always mean secure - this is one of the maxims held above all at Garland Heart. While being compliant with the regulations of your industry will cut down on the risk of an information breach, it does not mean that all the vulnerabilities in your system have been accounted for.
In order to get in front of any risks (proactive information security is the way to go), part two of this series focuses on the top five information security takeaways you should pay attention to in 2018.
5. If you haven’t completed penetration (pen) testing on your information system, this is absolutely necessary in 2018.
• While the frequency of pen testing is determined by the needs of your business, it’s recommended that businesses complete one quarterly at a minimum. If you don’t have a complete understanding of the vulnerabilities that lie in your company’s infrastructure, clients simply can’t have the highest level of confidence in your services. Find any weaknesses in your system and devise a plan to close the possible gaps in security.
4. Decide which aspects of your information security plan you need to invest in now.
• This ties directly into the point above. Pen testing not only shows how potential hackers could exploit the weaknesses that may exist, it also provides a road map for the priorities in your information security process. Putting time, energy, money and resources into your security plan is easier when you know where it is going and how it will benefit you, your team and your clients.
3. A shift in emphasis from starting your regulatory compliance procedures to sustaining a proactive regulatory compliance cycle.
• This shift seems nominal at first, but it is vitally important to a successful compliance plan. Your team spent time developing a course of action to stay on top of regulatory compliance; it must now remain vigilant in maintaining that structure. Routine health checks, compliance updates and reviews will keep the organization running smoothly and will prevent faults from occurring down the road.
2. More people are going digital with their banking - ensuring websites and apps will remain secure through 2018 will be a must.
• This is an easy one, but that also means it can be overlooked. More people can handle their banking at their fingertips, so understanding the challenges of keeping their information secure will be a continuous task. Many companies rely on their vendors to monitor their security; however, due diligence calls for your team to review the vendors' standards as well.
1. Incident response plans will be a must - with a thorough understanding of the actions and procedures required from all parts of your organization.
• What is your Incident Response Plan (IRP)? When did you last test it? This is important to think about: what are the most likely events that you and your company could experience? Build an exercise that tests your organization against those scenarios, and beyond IT, understand how your other team members will need to respond, including legal, public relations, etc.
Where do you fall on this list? What do you hope to pay more attention to in 2018 in info security? Let us know!
Don’t know where to start? Reach out! Our consultants can get you started on a risk assessment course and develop an action plan to get your organization on the right track.