When it comes to business security, most people think that it is a no-brainer!
Delegate to the IT department and it is done.
If you want to be a target, maybe get your 2 minutes of fame on the nightly news, and have a cyber event impact your reputation, finances, operations, and legal capability, then by all means ask the IT department.
Business security is all about the business. Yes, technology and the IT department are a component, but they are not the most important component of the requirements to secure the organisation.
Business security starts at the top. Board Members, managers, and owners are required to look at the business and work out where an attack could come from, calculate the destructive effects, mitigate those effects and then implement protective strategies to cover those attacks.
This is very hard to do when your expertise is based on your core business. Your core business could be anything – legal, finance, manufacturing or even charity-based. You are good at what you do; that means that you are not the best at understanding the problems associated with business security.
This is when you need the Board, management, and owners to look outside their organisations, to people and organisations that focus on business security. Business security is their core business!
From a management perspective, business security is all about risk: risk assessment, risk management and then risk reduction. Your organisation has to have an understanding of its risk appetite before it can implement change and reduce those risks.
Business today is wholly dependent on the digital. We would not be able to do business without it. Each of those digital components has a risk factor requirement. Do you know what they are?
A business security risk assessment is the first step in business security.