The recent spate of breaches and outages at leading retailers and financial institutions has placed the spotlight firmly on security at most enterprise organizations.
But while CIOs and CISOs are focused on selecting the right technologies to help detect and contain attacks before they can do any damage, there are a number of things you can and should do to harden your security posture that don’t directly involve technology. Here are 4 tips:
- Educate your users. It sounds obvious – too obvious maybe – yet too often companies forget to create a security policy and educate their users about it. End user security awareness training should be done frequently. It keeps the issues top of mind, which in turn helps keep your employees vigilant to odd behaviors by malicious insiders or outside hackers, and helps avoid unintentional mistakes that could lead to a breach.
- Involve the business guys. Involving the business stakeholders in security helps make them accountable. Show management why security matters. Share information about other breaches and how security is working for the greater benefit of the business rather than getting in everyone’s way.
- Know the data you’re collecting. Think carefully about the data you are collecting and storing. Retaining sensitive information can place your company and your customers at considerable, and at times unnecessary, risk. Make sure to delete any unnecessary data, and consider whether you even really need to collect this data in the first place.
- Always assume you’ve been hacked. Take this approach and map out your security strategy accordingly. If you assume your organization will be hacked, you’re already taking a proactive approach to fixing the problem and putting the right measures in place.
Security is not just about technology. It should be a corporate-wide effort that involves all aspects of your organization, including your employees and partners, processes and culture. With a holistic, proactive approach to security you can help make your living, breathing and constantly changing organization much more secure in today’s increasingly mobile and vulnerable world.