With technology at the fingertips of billions of people around the world, organizations have truly global in the last decade. Organizations are able to manage and control communications with various clients and vendors on any part of the world. But, it also meant that users from far away corners of the world could access any resource on the internet. Protection of an organization’s assets, infrastructure, data and technology are of paramount importance. In fact it is the most important aspect. The papers convey that message. Irrespective of innovation and analytics being used of an organization, if it doesn’t stress importance on security, it will be vulnerable to attacks from malicious third party hackers with hurtful intent that will cause huge losses to profits and credibility. The papers talk about governmental involvement in cyber security laws like the one by Federal Trade Commission (FTC) that made it mandatory for even small scale organizations to protect customer data or pay the price. The papers talk about need for maintaining a culture of speedy response time and prioritizing security.
Cyber security and risk management go hand in hand. It is important to build, implement, maintain, and follow security protocols across the organization upgrading it regularly to be up to date with the latest advancements and schedule checks to ward off threats. But, in spite of its best efforts, the organization’s systems may be compromised. The risk management efforts that the organization worked on come into effect. A dedicated team of specialists must start working on the root cause of the issue and ensure data safety. Encrypt all data to make it unreadable to external entities. That will ensure continued protection. Mock attacks to identify loopholes and resolving them as soon as possible makes the organization stronger in dealing with from future attacks of the same kind. Building security firewalls and ensuring fast response when the firewalls are breached would ensure minimizing losses and maximizing security.
As an IT manager, I would implement all the steps mentioned above. I would have a dedicated team of professionals with the sole purpose of ensuring protection. Similarly, I would always stress the need for a response time who would be most active during the times of attacks. I would check on the results of regular system checks to ensure everything is fine. I would ensure that communication with external resources is highly encrypted. I would investigate and hold meetings about latest advancements and ways to implement them for our architecture and implement them as soon as possible.