The Simple Things are Effective

It occurred to me while I was preparing to give a security briefing to a number of internal teams that fundamental security is not difficult. There are a number of simple activities or tasks that, if carried out correctly, will significantly reduce the potential for data loss, data breaches, security weaknesses and incidents. After a bit of scribbling in my book I boiled it down to ten things (or actually made it up to ten, as I originally only came up with seven, but every “list” needs to be either three, five or ten!). Many of them can even be driven by the individuals themselves rather than the organisations they work for; perhaps a version of BYOD called BYOS, or Bring Your Own Security. I think that in itself is a good topic for conversation!

Over the course of the next few weeks I will post each one (or two if they are related) of these activities, but in summary they are:

  1. Lock Leads
  2. Encryption
  3. Screen Privacy Filters
  4. Removable Media
  5. Collaboration Tools
  6. Mobile Devices
  7. Social Engineering
  8. Background Checks
  9. ID Badges
  10. Escalation & Education

I am sure there are more, and I have the feeling these posts will form the basis of a presentation later on in the year! However, the fundamental aspect of all of this is that basic security is not difficult. It doesn’t require thousands of pounds on DLP solutions, security guards and endpoint solutions (although they all help add layers of defense of course); it just needs to focus initially on a few effective measures that can be implemented across an organization quickly, easily and, in the grand scheme of things, at great value.

In the process of writing these up I hope to explore both their effectiveness and ease of use; I will also challenge some preconceptions, including my own, on the ease with which they can be implemented and, more importantly, adopted by individuals in a BYOS environment.

About Thom Langford

An information security professional, award winning security blogger and industry commentator. Available as a speaking head and presenter on topics relating to information security, risk management and compliance.
