It occurred to me while I was preparing to give a security briefing to a number of internal teams that fundamental security is not difficult. There are a number of simple activities or tasks that, if carried out correctly, will significantly reduce the potential for data loss, data breaches, security weaknesses and incidents. After a bit of scribbling in my book I boiled it down to ten things (or actually made it up to ten as I originally only came up with seven, but every “list” needs to be either three, five or ten!). Many of them can even be driven by the individuals themselves rather than the organisations they work for; perhaps a version of BYOD called BYOS, or Bring Your Own Security. I think that in itself is a good topic for conversation!
Over the course of the next few weeks I will post each one (or two if they are related) of these activities, but in summary they are:
- Lock Leads
- Encryption
- Screen Privacy Filters
- Removable Media
- Collaboration Tools
- Mobile Devices
- Social Engineering
- Background Checks
- ID Badges
- Escalation & Education
I am sure there are more, and I have the feeling these posts will form the basis of a presentation later on in the year! However, the fundamental aspect of all of this is that basic security is not difficult. It doesn’t require thousands of pounds on DLP solutions, security guards and endpoint solutions (although they all help add layers of defense of course), it just needs to focus initially on a few effective measures that can be implemented across an organization quickly, easily and in the grand scheme of things, at great value.
In the process of writing these up I hope to explore both their effectiveness and ease of use; I will also challenge some preconceptions, including my own, on the ease with which they can be implemented and more importantly, adopted by individuals in a BYOS environment.