Paul Wallenberg

How to Manage Your Security Risk on a Tight Budget

At this point, we’ve all heard the news about the global ransomware attack called #WannaCry. The attack left a lot of companies and both IT and business executives feeling vulnerable and susceptible to further attacks. If you find yourself behind the eight ball with a small budget for your IT spend, it’s time to get creative and protect your data.

As some tacticians would say, “the best defense is a good offense,” so here are some clever ways to get offensive on the security front that won’t break the bank:

Go Phishing

And I’m not talking about making the pilgrimage to New York City to see Trey Anastasio and his bandmates’ 13-night run at Madison Square Garden. I’m talking about running simulated phishing campaigns against your own employees. With security threats like the Google Docs spoofing attempt, you might be surprised how many of your employees will fall for the attack. If you want to know who your vulnerable employees are, phish them yourself with your own spoofing email. Corral the employees who fall for the attack into an afternoon training session and show them how to identify external phishing and spoofing attempts. Don’t telegraph it either! This isn’t a fire drill. With phishing attempts you don’t get to smell the smoke or feel the heat until it’s too late.

Set Boundaries

If the access rights and privileges at your company are like the Wild West, you’re in trouble. Setting policies and implementing governance might take a lot of thought, planning and lobbying for approvals and execution, but it will all be worth it if it prevents a breach and keeps your data and your clients’ data secure. Coincidentally, after all the back and forth getting your system security and acceptable use policies approved, your CEO and CFO might actually thank you for the increased productivity from their staff, since they can’t access Facebook or get “click-baited” all day.

Train like Rocky

If you feel like most of your employees are susceptible to falling for the phish, get the whole company in a room and educate them on the most likely vulnerabilities and security threats. There is a preconceived mythology around security, most likely fostered by Iain Softley’s 1995 masterpiece Hackers, that implies hackers are all coming through the back door. In reality, they are coming through the front door, using techniques where you or your employees give them the access they need to do the damage they want to do. Quarterly trainings and lunch-and-learns will help reinforce your security policies so that recognizing threats and attempts to compromise security becomes muscle memory for your colleagues.

Independent Consultants

There is no shortage of consulting firms specializing in security, but the assessments are expensive, and the remediation efforts come with a separate price tag if you don’t have staff on hand with the knowledge to implement them. The independent consultant market that has developed in information security is rich and full of talented security professionals who build strong professional brands and reputations that they carry with them from assignment to assignment. LaSalle Network develops relationships with these security professionals and acts as a conduit between companies and these consultants, so that companies without the need for full-time headcount can properly assess and address their information security concerns. Learn more about our Technology Recruiting practice here.
