3. Untrained staff:
When it comes to security, one key oversight is lack of training. It’s imperative that employees know what the security policies are, all the way from what devices they can use to what applications they can download.
4. Shadow IT:
More organisations are struggling with shadow IT, which is the use of hardware or software that is not supported or authorised by an organisation’s IT department.
Shadow IT can range from developers using various Software-as-a-Service (SaaS) platforms to employees storing corporate data in cloud storage solutions like Dropbox or Google Drive.
These solutions seem innocuous to most people, which is why employees need to receive comprehensive training about what is a security risk and what isn’t.
5. Compliance:
If your organisation isn’t compliant, it’s unlikely to be secure. Consider whether the organisation would pass a compliance audit for security and Payment Card Industry (PCI).
Complicating matters is the fact that many organisations don’t even know that governmental compliance regulations apply to them.
6. The right partners:
More organisations are choosing to outsource security operations. But when it comes to outsourcing security, it’s truly a buyer beware scenario.
The first step is to understand exactly what needs protection including devices, network, applications, and data. Then, determine which components of these are being outsourced.
The second step is to choose the right partner or partners for those specific needs. Keep in mind that the more vendors are consolidated, the more efficient the strategy will be.
Make no mistake, security is expensive. Not having security is even more expensive. But part of choosing the right partner comes down to understanding the balance between performance and cost.
Choose a vendor who can help make the right decisions around balancing performance, effectiveness and cost.
7. Physical security:
Physical security is the protection of people, hardware, programs, networks and data from any damage that might occur. If your physical system isn’t secure, nothing else matters.
Yet physical security is one of the most overlooked aspects of a security strategy.
The physical management of data centres includes security policies and procedures, security officer staffing, access control systems, video surveillance systems, standards compliance and physical security designs.
Make sure the data centre complies with standards and conduct annual audits.