In the grand scheme of your business, computer security is essentially worthless. What really matters is the security of your information. Devices are easily replaced – your confidential data and your secrets are not so. It might be tempting to treat this difference as nothing more than a semantic point, but there is an important insight here. When you focus on the security of your ‘things’ (your laptops or your network components) you can lose sight of what really matters. Security is NOT just the IT department’s problem … It’s everyone’s responsibility.
Author and corporate security expert Ira Winkler has a great perspective on this stuff. The insight is not groundbreaking, but it is definitely an important one. A good corporate strategy when it comes to security is really about your team’s behaviour, not the status of your anti-virus software or your network firewall. To be sure, those things are essential elements to having a well-protected business; but in the end, your attitude towards the integrity of your information matters far more. What policies do you have in place? Do you train your team on how to keep passwords safe or prevent vulnerabilities in and outside the office? A proper approach to security involves every department in your business, not just IT.
Consider the budget that your executives allocate to keeping your business secure. If they only think about the status of your computing devices and network components when it comes to security, then your CFO is going to simply look at the value of those components, look at the rest of the IT budget, and assign the money accordingly. Does your entire team understand they all have a roll to play? Can your leadership team put an accurate dollar value on the cost of a breach? Have your executives ever participated in a proper security risk analysis?
Changing your vocabulary helps change your perspective; stop talking about computer security and start thinking about the security of your business as a whole; including your teams attitudes, behaviours, and long-term goals.