A successful security strategy will not only protect employee information, reduce threats and maintain the organisation's reputation, but will also ensure security is a top priority for all executives and employees.
Security should be built into the culture of an organisation, and that should be felt all the way through the implementation of a security plan.
So whether you're thinking about it, or are in the middle of a security plan implementation, you should read our top tips.
By CIO UK Staff
April 17, 2018
CIO UK
1. Why is a security plan important for a CIO?
The hybrid nature of the CIO role often means you're spread pretty thin and are often expected to deliver on both business and security initiatives.
Digital transformation and innovation are what most CIOs strive for, and it's these kinds of projects that tend to put cyber security on the back burner. Often, security plans can lag behind revenue-based initiatives.
Of course, some organisations will have a CISO or a security executive whose role it is to address all security concerns. However, the CIO should have a relationship with that person and be able to advise them where necessary, and vice versa.
The 2017 CIO 100 found that 70% of organisations listed had a security leader reporting into the CIO. This should make security an even higher concern, as the ultimate responsibility for security plans will fall to the CIO.
4. Security measures and controls
Businesses should have basic security measures in place to keep their data, employees and customers safe online. Simple measures such as creating strong usernames and passwords can go a long way to help secure your business.
Last year, Barclay Group Security CIO, Elena Kvochko told CIO UK that businesses need to implement strong measures at every level of the organisation to achieve true end-to-end security.
“The need for end-to-end security has given rise to the proliferation of security products,” she said. “After all, a business can only be as secure as its weakest link. It is the right tools and processes together that help enable teams to predict, prevent, protect, react, and recover from security incidents.”
5. Protect files from unauthorised access
Rarely a week goes by without a business that has suffered a data breach making the headlines.
Last year, Pizza Hut revealed its website and app were hacked, with 60,000 customers being impacted by a security breach. The hack had seen personal information such as email addresses, bank details and home addresses being stolen. And late last year Yahoo was forced to disclose that as many as 3 billion of its email accounts might have been compromised.
If data breaches are a matter of ‘when’ not ‘if’, CIOs and system administrators should take steps to ensure they are detected quickly.
Two-factor password authentication, meanwhile, can be a cost-effective way to reduce risk from weak passwords while also educating employees on security concerns.
Ascential CIO Sean Harley says: “We are reducing the risk of people choosing simple passwords, we worked with the technical team to implement a single sign-on solution.”
8. Monitor networks
Network monitoring systems help admins understand what is going on in their network.
A network must be able to collect, process and present data, with information being analysed on the current status and performance of the devices connected.
If a detection system suspects a potential breach, it can send an email alert based on the type of activity it has identified.
Antivirus software can monitor traffic and detect signs of malicious activity. These tools look for specific patterns such as byte sequences in network traffic or multiple login attempts.
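The "multiple login attempts" pattern described above, as an added example that is not part of the original article: a sliding-window detector that raises one typed alert per source address. The log lines, the timestamp prefix, the threshold and the window are constructed assumptions for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines in an sshd-like format (not real log data).
SAMPLE_LOG = """\
2018-04-17T09:00:01 sshd[311]: Failed password for alice from 203.0.113.7 port 50022 ssh2
2018-04-17T09:00:03 sshd[311]: Failed password for root from 203.0.113.7 port 50023 ssh2
2018-04-17T09:00:04 sshd[312]: Accepted password for bob from 198.51.100.20 port 40110 ssh2
2018-04-17T09:00:06 sshd[311]: Failed password for admin from 203.0.113.7 port 50024 ssh2
2018-04-17T09:00:09 sshd[311]: Failed password for alice from 203.0.113.7 port 50025 ssh2
2018-04-17T09:00:10 sshd[311]: Failed password for alice from 203.0.113.7 port 50026 ssh2
2018-04-17T09:02:00 sshd[313]: Failed password for bob from 198.51.100.20 port 40111 ssh2
2018-04-17T09:09:00 sshd[313]: Failed password for bob from 198.51.100.20 port 40112 ssh2
"""

FAILED = re.compile(
    r"^(?P<ts>\S+) sshd\[\d+\]: Failed password for (?:invalid user )?"
    r"(?P<user>\S+) from (?P<ip>\S+) port \d+"
)

def detect_repeated_failures(log_text, threshold=4, window=timedelta(seconds=60)):
    """Return one alert per source that reaches `threshold` failures inside `window`."""
    recent = defaultdict(deque)   # source IP -> (timestamp, user) of recent failures
    alerted = set()               # sources already reported, to avoid alert floods
    alerts = []
    for line in log_text.splitlines():
        m = FAILED.match(line)
        if not m:
            continue              # successful logins and unrelated lines are ignored
        ts = datetime.fromisoformat(m["ts"])
        q = recent[m["ip"]]
        q.append((ts, m["user"]))
        while ts - q[0][0] > window:   # drop failures that fell out of the window
            q.popleft()
        if len(q) >= threshold and m["ip"] not in alerted:
            alerted.add(m["ip"])
            alerts.append({
                "type": "repeated_failed_logins",
                "source": m["ip"],
                "failures": len(q),
                "users": sorted({u for _, u in q}),
                "first_seen": q[0][0].isoformat(),
            })
    return alerts

if __name__ == "__main__":
    for alert in detect_repeated_failures(SAMPLE_LOG):
        print(alert)
```

The two failures from 198.51.100.20 are seven minutes apart, so they never share a window and produce no alert; the alert dictionary is what an email notifier would format and send.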
Ascential CIO Sean Harley said last year: “We focused even more heavily on information security. This has required the implementation/review of new/existing processes such as checking of our monitoring and logs for anomalies that could indicate compromise or potential threats, culminating in a new threat and vulnerability assessment which is reported to our executive team on a weekly basis.”