We all have our faults, and can sometimes get stuck in our ways – no one is perfect after all. But in the world of information security, bad habits can lead to costly and unnecessary troubles for your company. In a recent article, TechRepublic outlines 10 habits cybersecurity pros need to break, and features advice from industry experts on how to overcome them. The story includes suggestions from WatchGuard CTO Corey Nachreiner about the following bad behaviors:
Disregarding the user: “Although most security professionals realize the user is the weakest link, many disregard users as part of the solution, claiming ‘there is no patch for stupidity.’ The truth is, user training can be a key aspect of your security strategy if you’re willing to make education a priority. Even small changes in employee behavior will improve your security posture.”
Ignoring the business side: “Cybersecurity is an industry full of acronyms, such as IPS, GAV, XSS, and SQLi. While these are helpful when talking to fellow industry professionals, you need to remember that many business owners do not use this language. Know your audience. How you speak to the C-level about security is quite different than what you’d cover with the IT managers and administrators.”
Another common mistake security professionals make is assuming perfect security is job #1. Many security professionals try to adopt “ivory tower” security practices, thinking security alone is the most important thing. However, the most important thing to any business IS their business. While information security is a required function to keep your business running safely, your security decisions need to serve your organization’s business. Sometimes that means taking acceptable risks for business benefits. A mature security professional knows that good security is more about risk management than trying to attain any sort of “perfect security.”
Read the full article at TechRepublic.