CyberSecurity Awareness Month: Protect Your Data
You may be compliant, but you might not be secure.
You might be secure, but that doesn’t make you invulnerable.
Target, for example, was PCI compliant, having aced an audit for the Payment Card Industry’s standards just a few months before it was revealed that hackers gained access to customer credit and debit card information. Home Depot, legally required to be PCI compliant, also suffered a Point-of-Sale (POS) breach, allowing hackers access to customer data.
“Being compliant can give a false sense of security,” said Sword & Shield President and CEO John McNeely. “Compliance standards are typically written to some baseline security measures and should be viewed as a starting point. Companies that just focus on compliance can find themselves still exposed to threats. Compliance standards may give some prescriptive direction, but most are ambiguous on key security controls and leave many implementation details up to the organization.
“Businesses that don’t take the time to develop sound security strategies that address the uniqueness of their organization and specifics of how to implement security effectively will, most likely, find themselves dealing with a security incident even though they are ‘compliant’,” he said.
For many, IT security beyond basic compliance is sometimes never considered: When security works well and nothing bad happens, why pay the extra expense to protect data?
“Compliance, in particular IT compliance programs like PCI and HIPAA are a minimum set of requirements, and, as such, should be used as the baseline plan for requirements for your organization’s security program,” said Sword & Shield Director of PCI Services John Harmon. “Keeping this in mind allows you to set the minimum requirements and improve your security based on your environment. All too often we see the only security program being undertaken by an organization are the requirements of the compliance program the organization is required to follow.
“Sword & Shield security experts have the business and security expertise to help your organization right-size your security needs to meet the compliance requirements, as well as outline a program to secure your organization’s data,” he said.
Data security is crucial to all organizations. You need to know what data you have, where it’s located and how to secure it.
At Sword & Shield, our philosophy is whether your business needs are compliance driven or security driven, building effective protection strategies takes a balanced risk management approach.
Be prepared to fight against the vulnerabilities and threats to your business mission. Helping companies defend against cyberattacks, fraud, and all forms of malware is what we are all about. We know you can’t do it all on your own and we can help.