4 ways to always be improving security

Consider these four tips to help build and maintain an "always-be-better" approach to security - throughout your entire organization
305 readers like this.
remote work security best practices

Cognitive dissonance is the security professional’s archnemesis.

Most of us – including our employees, customers, and partners – understand the importance of using secure platforms and risk-minimizing protocols to protect sensitive data. Even so, people aren’t generally inclined to change their habits, especially when it requires extra effort.

Because of this disconnect, it’s essential to ensure that everyone at your organization – from product design to internal infrastructure – is invested and informed about external threats. As remote work increasingly becomes standard operating procedure, it’s more critical than ever to fully understand and constantly reevaluate your organization’s approach to security.

[ For more security advice, read Remote work security: 5 best practices.]

Here are four tips to help you build and maintain an “always-be-better” approach to security:

1. Have a voice

Each department within an organization is its own stakeholder and champions a diverse range of needs. For example, platform engineers fight for seamless interface experiences, engaging design layouts, and new innovative functionality for the end-user. HR representatives push for practices and processes that best serve the internal employee, such as communication and collaboration.

Given these varying priorities, it is vital that security practitioners are heard when they advocate for how the business should securely deliver value to customers and how it operates internally. Because business needs are always changing, infusing a security mindset up and down the organization requires consistent prioritization.

Infusing a security mindset up and down the organization requires consistent prioritization.

That doesn’t mean putting security concerns over those of organizational counterparts – security is not a zero-sum game. Rather, security must be rooted in education and partnership. Security professionals need to work with their peers to increase awareness and explain how certain functionalities can help build trust as well as tighten product security.

For example, in the new remote workplace, businesses are leaning heavily on video platforms to replicate the in-office experience. Handling the volume is one thing; providing adequate security, including end-to-end encryption when necessary, is another. The ability to guarantee secure access to information has suddenly become its own value proposition.

2. Trust, but verify

Security is constantly growing and evolving. As the landscape around us changes, staying ahead of the curve requires a certain amount of knowledge-sharing and support. Exceptional security processes are born from working with peers and uplifting each other – otherwise, organizations risk stagnation and new digital threats.

Exceptional security processes are born from working with peers and uplifting each other.

Third-party certifications can help security teams assess a business’s security status and identify areas that need improvement. These certifications, such as the FCC’s Consumer Proprietary Network InformationISO Information Security Management, and the National Institute of Standards and Technology 800-53, serve as a baseline, providing an overarching security structure to which platforms can follow. Further, certifications regularly “raise the bar,” providing a powerful motivation for teams to remain proactive and forward-looking.

3. Continuously test and assess

When it comes to security, driving innovation and raising the bar requires a healthy dose of skepticism. Even when all the boxes are checked and you’ve reached the highest possible standard, security is a ticking clock: Regardless of how many new features you add and how much testing you do, resilience requires non-stop assessment.

Even when all the boxes are checked and you've reached the highest possible standard, security is a ticking clock.

This process requires a significant amount of effort and a variety of resources, but you don’t need to tackle it alone. For example, open source communities can provide a contained environment in which trusted partners can poke and prod defense systems to identify and patch system weaknesses. And a range of external threat research firms are dedicated to partnering with businesses for responsible disclosure. That closed feedback loop enables professionals to constantly identify new opportunities for growth.

4. Plan for the unexpected

Security needs change constantly in response to unpredictable external events and evolving threats, so it’s essential to be vigilant.

By maintaining close partnerships with departments throughout the organization and encouraging new ways of thinking, security professionals can play a vital role in ensuring business resiliency and productivity.

[ Culture change is the hardest part of digital transformation. Get the digital transformation eBook: Teaching an elephant to dance. ]

Michael Armer is Vice President and Chief Information Security Officer at 8x8. He brings over 20 years of cybersecurity and information technology leadership experience to 8x8 in the areas of data privacy, intellectual property protection, risk management and corporate cyber governance.