Legal, Compliance, Finance, and Operations can all contribute to a safer and more secure perimeter
Discussions of an organisation’s cybersecurity are usually left to the IT department. If something is broken or looks suspicious, employees simply contact their IT resource.
However, sending an urgent message to IT is most likely not going to resolve an issue, thwart criminal activity, or increase the overall security posture. Long before the arrival of COVID-19, organisations have had to adopt a more DIY approach to cybersecurity, for the following reasons:
Suffice it to say, the DIY approach to cybersecurity will be in place for a while, but how can organisations defend themselves moving forward?
Many organisations simply resort to continuous employee training and automation software in order to defend all endpoints, apps, and the network. However, this is still not enough.
Protection against cybercriminals simply using intuition or off-the-shelf software might not go far enough in ensuring a secure perimeter. For those organisations operating in regulated industries, such as finance and healthcare, compliance, legal, and other departments need to step in.
For example, home health aides, who provide care to individuals in their homes, are most likely using tablets or smartphones to record data on their patients. More than a security, issue, there are compliance and operational issues, due to the following:
As such, we can see that cyber security is only part of a larger compliance mandate that organisations, their employees, and contractors must adhere to.
Rather than consider them as separate business processes, the most successful organisations unify their approach. Compliance used to mean performing the bare minimum of legally required measures and activities to satisfy external parties. As shown, compliance needs to be a part of a larger operational approach that involves several teams. The end result is not simply satisfying a government regulator but also ensuring that employees and contractors are performing their jobs and capturing data to the strongest and safest standards possible.
Creating and implementing a cybersecurity strategy based on your organisation’s needs and conducting a gap and risk assessment are key steps for developing not only effective cybersecurity programs but also strong compliance policies. These steps analyse your technology and internal processes to identify the areas of vulnerabilities and the approximate size of the attack surface, in order to improve security posture and meet compliance requirements.
It’s important to note organisations should not view compliance standards and regulations as a guide to create a cyber security program. Instead, it should be the other way around. A cybersecurity program should encompass compliance requirements, while still considering all of the organisation’s assets, including all endpoints, applications, and networks.