New Year’s resolutions provide an opportunity to focus on important things that may have slipped through the cracks the previous year.
While resolutions typically center on goals like losing weight or saving for that trip to Cabo San Lucas, IT managers can also use the new year to rededicate themselves to improving their organizations’ security hygiene.
By adopting a few security-related New Year’s resolutions, IT managers can make their environment more secure and trouble-free in 2016 and beyond.
Compliance sometimes gets a bad rap. Many people in IT approach compliance as a list of boxes they need to check to keep auditors at bay, but that approach can cause a host of other problems. A lack of commitment to compliance will show in your work, resulting in security breaches, costly sanctions and bad press.
Compliance guidelines can, in fact, be extremely helpful. IT managers who apply them judiciously can achieve real value, both in enhanced security and cost savings. The National Institute of Standards and Technology’s guide on security and privacy controls for federal information systems (NIST Special Publication 800-53) provides great information on security. Such guides can help IT professionals perform their jobs better, even in instances where an organization isn’t required to follow them.
Make Every Step Count
After embracing compliance, put that guidance into action. While compliance documents offer many high-level guidelines for security mechanisms and processes, they also provide great, concrete advice.
For example, browse NIST 800-53, paying close attention to subsection (h) in paragraph 2 of Appendix F-AC (a completely normal thing to do). You’ll find a reference to notifying account managers “when users are terminated or transferred.”
That advice may not seem like a big deal at first. From personal experience, though, I can say it is huge: Many organizations get hurt when they fail to promptly deactivate a user's access rights after terminating that employee, especially if the person does not leave on good terms. Rogue accounts can lead to data exfiltration, the introduction of malware and a host of other security problems. And that’s just one small example. Such guidance fills compliance documents, so why not take full advantage of it?
Tap Compliance Wisdom
IT teams typically do not have hands-on experience translating compliance documents into methodical, appropriately prioritized, quarter-by-quarter risk mitigation plans.
If your organization also lacks that expertise, find a partner that can offer it. The right partner can help formulate an actionable risk mitigation plan tailored to your organization’s IT environment, available resources and risk tolerance.
We all face growing cybersecurity risks, and we know that the consequences to our organizations will only continue to grow in 2016. But we can resolve to do a better job of mitigating those risks. Taking a fresh look at compliance is a good start, so check out CDW’s Next-Generation Security reference guide for even more information on this important topic.