No room for a one-size-fits-all (OSFA) approach to Information Security
With the increasing threat of cybercrime and the constantly evolving techniques and tactics of malicious online actors, businesses in Australia are under increasing pressure to sufficiently protect themselves whilst squeezing all they can out of already stretched operating budgets. Therefore, it is vitally important that security measures are not only fit for purpose but also budget-friendly; this is especially relevant within the micro to mid-size business space.
When it comes to security - more specifically information security - one size doesn’t fit all. The OSFA phenomenon proved to be a costly mistake for clothing manufacturers and retailers with consumers preferring specific sizing and customised styles; the same can be said for information security.
With these constraints in mind, it is very important for businesses to understand that what works for one may not necessarily work for another.
For information security to be effective, the mission, size, premises, location(s) and scope of current and future business operations need to be analysed. Each business is different and has its own unique security challenges, whether working from home or on the road, job sharing, or utilising managed and communal office spaces or standalone premises.
What are the most likely threats to your business operations? State actors, hackers, hacktivists, trusted insiders or cybercrime?
It is unrealistic to think that a business can effectively defend against all online, physical and human-based threats. However, a structured and customised information security strategy, built on the analysis of identified threats, associated risks, and vulnerabilities, will ensure that business-specific treatment measures are developed and implemented.
Australian businesses of all sizes are adopting online and computer-based technology at a rapid rate, whether using the cloud, wearables, Wi-Fi, VPN, VoIP, video conferencing, fixed servers or a simple hard drive.
The type, quantity, age, location and deployment of ICT systems and infrastructure all need to be considered as part of an overall information security strategy.
What information does your business need to protect? Do you hold critical intellectual property, sensitive business and client information, research and development data, or payment card information?
Does your business fall within the category of an APP Entity, and is it therefore required to comply with the Australian Privacy Principles? These are but some of the questions that dictate how information and data are required to be stored and protected.
Cash is king and annual budgeting can be tough. Whilst your business may not have the necessary finances to fully implement recommended vulnerability treatment measures, a specific, holistic approach to information security will allow you to adopt a phased approach that mitigates high-risk threats before moving to other identified issues, without breaking the bank.
With a multitude of technical and physical security solutions available, businesses should have no trouble protecting themselves against the risk of cybercrime and other malicious actors.
A specific and tailored information security strategy will ensure that your business has the protection it needs and makes the best use of available finances.