What is good security?
“It’s the right people, at the right place, at the right time, doing the right thing,” says Corey Gary, Enterprise Solutions Architect at TSA. “It’s pretty simple,” he continues, “Don’t do what you’re not supposed to do and follow through with what you’re supposed to do.”
But establishing and sustaining those “do’s and do not’s” is the tricky part.
People, Process, Technology
When it comes to network security, there are two main avenues of attack that hackers use to infiltrate your systems: exploits and malware.
- An exploit, according to TSA security experts, is a technical flaw in the code that a hacker takes advantage of.
- Conversely, malware is a byproduct of social engineering initiatives that takes advantage of flaws in human nature rather than in the code or the tech.
TSA helps our clients mitigate these risks with bleeding edge technology and vetted security products from HPE. But unless you have security best practices and standardized protocols in place—as well as competent, trained employees to follow them—that technology will be rendered useless.
Over our years in the industry, TSA has discovered that, even when the technology is optimized, your process is right, and you have regular cyber security training for employees, the most important aspect of a company’s security standing has to do with the interpersonal relationships forged between your teams and the example set by your leadership.
IT Leadership and Team Fallout
While providing cyber security training for employees is an important first step to securing corporate networks, a more critical element is an IT leader’s self-awareness within corporate relationships.
When your upper management sets a healthy example, it encourages workforces, clients, and end users to do the same. By establishing and following a methodology based on healthy security practices, your leadership is more likely to inspire others to follow the same procedures.
Basically, no one is above the law.
Corey Gary goes on to explain TSA’s security philosophy, using the movie, Remember the Titans, to make his point:
Gerry Bertier, captain of the Hammond High School football team, confronts his defensive end, Julius Campbell, for on-field showboating and apparent laziness. As he berates Julius for his behavior, Gerry shouts, “[When you do this] you leave … your teammates hanging out to dry.”
Julius responds calmly, “The captain’s supposed to be the leader, right?”
“Right,” says Gerry.
Julius looks his team leader in the eye and says, “Attitude reflects leadership, Captain.”
Gerry Bertier hadn’t been putting his money where his mouth was, and consequently, his teammates were following his (poor) example. The team as a whole suffered because of it.
The same idea rings true for security leadership. If you want to maintain security, the leadership team cannot be exempt from the rules, or they risk setting an example that advertises that “the rules don’t matter.” That cyber security training for employees applies to every individual in your company—from your guest WiFi, all the way up to the CEO’s conference room.
Your company culture will follow much the same path if the relationship between upper management and your workforce is a sour one.
A leader who demands excellence without giving the same works against productivity and cohesion—your workforce will have little encouragement to do what is right, because, whether you realize it or not, your employees look up to you to set the example for more than just security best practices. When you operate with integrity and intentionally pursue professional relationships with your employees, they are more inclined to respect your leadership and strive for the same goals.
As it is, IT departments do not make the decisions for security protocols. These mandates must come from the C-level because they have the potential to change how every user interacts with the technology. As such, if a new security protocol is put in place by your higher-ups, you, as the IT leader, must abide by it. There are no exceptions. When you fail to follow protocol, you give your employees and other leadership staff license to do the same.
Remember that (sometimes) all it takes for your company to be the next big data breach headline is a single lackadaisical attitude and a particularly clever phishing email.
Your External Workforce
With the complexities of modern businesses, you often cannot sustain IT operations in-house.
Strategic partners and third-party vendors fill in where your workforce lacks the bandwidth. Although some would argue that keeping your security initiatives in-house is safer due to the containment it offers, we’ve found the opposite to be true—as long as you establish trustworthy relationships with said vendors and determine that they hold their workforce to the same standards that you do. Often, working with outside vendors enables you to have broader experience and an increased ability to execute.
But how do you ensure that your third-party vendor is trustworthy?
Establishing A Trustful Relationship with Your Vendors
Quite simply, choose vendors who are willing to forge the same professional relationships you build with your employees. These partnerships should embody openness, respect, and dedication—they should promote transparency and invite accountability.
If you are partnering with an experienced vendor like TSA, then you reap the benefits of our broad knowledge and experience within the industry. Because we have a variety of clients, we get to see numerous environments on any given day—it also means that we see first-hand how different companies implement their security. We know what works and what doesn’t, and we bring that deep level of experience from different success levels to implement for our clients only what is most effective.
And more important than implementing technology is the repositioning of protocols and philosophies after, for instance, a new firewall is installed. TSA is not a “break-fix” company. We don’t just leave you with the new tech; we walk you through how to implement the consequent procedural changes at the employee and user level. However, for us to provide such a granular service, you have to be willing to invest in the relationship: share more about your goals, your environment, and your current processes. By understanding what drives your business, we’re better suited to provide you with solutions that help you achieve your goals.
Strategy and Trust
When you enter into a professional relationship like the one with your security vendor, you not only need to ascertain whether the vendor is trustworthy, you also need to establish yourself as more than just numbers on a contract sheet. People and companies thrive on relationships, and much like the example you set for your employees, vendors with strong relationships will be more willing to dedicate themselves to the success (and security) of your business ventures.
Looking for a more effective relationship with your security vendor?
Contact TSA to meet with our security team and start resolving your security pain points.