Until I "took the leap" and started working on my own, not for myself which is a phrase made since you always do it for third parties, for more than 20 years doing it for different companies, this fact has always been something recurrent. Security worries little, or rather only when a disaster or serious incident happens that makes you turn your head to that side and turn on the alarms (late already) with the corresponding loss of business, data, prestige or customers.
The saddest thing is that precisely, those who should have more protection in their equipment, yes, those who are in the highest echelons in the chain of command / responsibilities, usually involve little or almost nothing and are more pending to install the mobile application "chorra" of the moment, to show it proudly on their iPhone, Blackberry or Galaxy "extra large", than to see what happens through your company's network cable. And so it goes...
In the middle of everything, the gurus of "Social Media" arrive who fill their mouths with acronyms as I mentioned in this post, selling attractive motorcycles specially prepared for those who "want to believe" (that eye, they do their job and some very well) and that company, or rather their managers, when they see their page on Facebook, their Twitter account, a blog, they start spinning "in circles" (from Google+) and get drunk on "likes" and "+1s"...
And with drunkenness, or rather after it, comes oblivion. The "social" hangovers are lasting because they act in the long term, the "blurred" vision prevents you from seeing what you have in front of you and of course, how are they going to come to chafarte the party?.
That we are in a time of crisis is something everyone knows, that it is important to get new customers or not lose those you already have too, but precisely, thinking about those current or future customers, security training should be considered an asset for the company and not that "ugly" or gray part pulling black as some see it.
A work team prepared to avoid information leaks, sometimes critical incidents and with a base in information security, will make that company obtain an added value from the outside and that internally it is more solid.
If you have a company, you are reading this and you still do not use SSL in your mail, you have the same password on all sites (maybe stuck there near the screen) or you do not remember the last time you changed it, your smartphone does not have a lock code, the hard drive of your laptop is not encrypted or you have some additional protection system, your system lacks the relevant security patches, you have ineffective or outdated antivirus, you do not know who, when, how and how far they access your intranet, you have a lot of papers on the table with your customers' data, or you do not have a reliable backup system, etc., you may have to rethink quietly and with a clear mind on what to invest (or not waste on many occasions) your money.
Investing in computer security is doing it in something real, tangible and with results in the short, medium and long term. You have an armored door, you hire a surveillance service, state-of-the-art alarms and you can even see what happens in your company via a webcam and mobile but what happens to what you do not see?
Don't forget, "the bad guys" use other doors and pass by without warning...
Author: David Hernández (dabo)
Source: DaboBlog
