Using Cybersecurity as a Competitive Advantage: Part 3 of 3
Jennifer LeClaire - January 30th, 2012
This is part three in a series of three on data privacy. Read Pat’s first interview here and second interview here.
Data privacy is in the spotlight as the January 28 Data Privacy Day approaches. In the first two parts of this series, we focused on the challenges and consequences of poor data security. Now, veteran technology journalist Jennifer LeClaire shifts gears to talk with Lumension CEO Pat Clawson about how companies can use cybersecurity as a competitive advantage.
LeClaire: How can good cybersecurity give companies a competitive advantage?
Clawson:
It’s definitely a strategic play. Good cybersecurity is a longer term benefit to protect your business – it’s about creating a business that will be here for the long haul because you’re protecting your data.
The other side is how safety and security helps you build your business now. When Ross Perot was building Electronic Data Systems, he built it as a fortress. People could count on EDS both physically and technologically to be prepared for the worst case scenarios. EDS customers felt safe and secure. That can be leveraged going forward. There is an opportunity to be excellent and be safe and secure. That helps you win contracts in the private and public sectors.
LeClaire: How can companies assess if employees are putting business data privacy at risk?
Clawson:
There are tools that give you a glimpse into how secure your data is, but not entirely. One of the most important things to do is educate employees. Ninety-eight percent of people on the planet wouldn’t do anything to knowingly compromise data.
With the education process, you can assess employee risks in a non-threatening way. You can survey employees. You can talk to them about how they’re handling data and activities around data. There’s always that 2 percent that doesn’t care. They don’t have a good barometer for right and wrong and those are the ones that you need to worry about. You can curb errant behavior through education. At Lumension, we’ve created a resource center for an organization’s employee base. It’s regularly updated with basic do’s and don’ts for how to keep your data safe…and your company’s.
LeClaire: How can companies practically go about educating employees on data privacy issues?
Clawson:
The best data privacy education programs I’ve seen are the ones where IT has a quality process to drive education through to every employee. That could be through screensavers, posters in the bathrooms, or a sign in the conference room. You need to have a defined process for communicating with people. Talk about data privacy regularly in company meetings and newsletters. You need a regular forum, a regular drumbeat of education. It won’t happen without executive team support.
LeClaire: What are some best practices around data privacy? How can companies go on the offensive in the fight to secure data privacy?
Clawson:
Some of the best practices are byproducts of history. There are some pretty good roadmaps about what you need to be doing. Not everybody wants to do the basic best practices anymore. There is a balance between the desire to woo employees by allowing them to do anything they want on company computers versus the desire to use the company computer for business only. It’s a balancing act, but today, the majority of people use company computers for both work and personal matters.
We need to take security a step further than anti-virus software and use strategies like intelligent whitelisting where you only let what is known to be good run on the device. You don’t have to guess if there is a piece of malware on the device since it won’t load unless it’s on the whitelist. Even if it attached itself inside Microsoft Word and it doesn’t appear to be different, the reality is that if it’s off by a single bit or byte it’s not allowed to load into memory.
I think that’s one of the biggest shifts people are going to have to make over the next 10 years. The bad guys have figured out how to deal with the anti-virus software. They create custom pieces of malware that will never be replicated anywhere else. You’re not going to see AV signatures stop. Intelligent whitelisting is a safer approach.
