Business Process - IT Security Evaluation

"People often represent the weakest link in the security chain and are chronically responsible for the failure of security systems." — 'Bruce Schneier, Secrets, and Lies'

The headline grabbing examples of high profile data security breaches, such as Sony, Yahoo, Uber, and Equifax; to name only a few, let loose a wrecking ball of data destruction, financial loss, and trashing of reputations. In Australia, and New Zealand incidents reported with data, and privacy compromised from a diverse range of organisations including; The Australian Defense Force, Corrections Department NZ, Australian Broadcasting Corporation, Dominos Pizza, and Kathmandu in March 2019. Australian tech darling Canva had 139 million user passwords breached in May 2019, and Air New Zealand Airpoints in August 2019. There is seldom a month passes where a high profile organisation is not subject to a serious security breach.

In February 2019 the Australian Signals Directorate (ASD) confirmed that over three years through to 2018 there were 1,097 cyber incidents affecting classified, and unclassified government networks that were considered serious enough to warrant an operational response. See article here. (This is the tip of the iceberg.) These incidents are the calling card for Malware, Security breaches, and theft of private data. What doesn't get the same prominence, is the level of insidious, and unreported "security" incidents that affect everyday businesses, to varying degrees of severity.

There are technical solutions, to mimimise these risks from malware, phishing, and firewall penetration by developing a robust project plan to eliminate external risks. We offer guidance in best practice recommendations to mitigate this risk. We have the solutions to meet these challenges.

Less obvious; is the impact of internal threats caused by accident, incompetence or deliberately. Accidental threats include the compromising of intellectual information, such as sensitive client data, by emailing to unintended recipients, ‘losing’ USB sticks; etc. Accidents tend to be quickly revealed, as the consequences are immediate, and evoke urgent responses, usually in panic mode! Identifying a strategy to improve internal processes is the logical step to resolve such incidents to ensure there is no re-occurrences.

The often unknown business risk, is where there is planned, and malicious intent to do harm to your business. Through the misappropriation of confidential information or actions may physically damage an in-house, network and critical software databases. The breach may come from disgruntled staff who could be actively, and covertly working against your business interests. Often the targeted business will not be aware of the havoc wreaked on them, until well after the event when the damage is done. The ingredients of this are what nightmares are made of, and are destroyers of businesses, reputations, and livelihoods. 

When you leave your home, or business you lock the door, and set the alarm; to do otherwise is obviously not a rational decision? Leaving the security of your technology resources and confidential information to chance, and gaming the odds that nothing adverse will ever happen is more than likely to end in misery. This could result in financial ruin or irreparable reputational destruction. The proactive strategy with technology is to trust, and empower people to act responsibly within unambiguous, and readily understood procedures, but also ensure the checks, and balances are in place to trust but verify, and be vigilant.

We have developed a robust, and concise 'Business Process, and IT Security' Evaluation program that identifies specific security risks; internal, and external. From this careful analysis we are able to collaboratively identify an action plan to protect against perceived, and real technology risks.

“There are known knowns. These are things we know that we know. There are known unknowns. That is to say, there are things that we know we don't know. But there are also unknown unknowns. There are things we don't know we don't know.” — Donald Rumsfeld, Defense Briefing 2002.

Please contact us today here, for a free no obligation discussion.