Infosec is not just the Icing on the Cake

– It’s the secret of every tasty bite

Imagine, for a moment, that your business is a bakery. Cake is your organisation’s currant product or service, your raisin d’être (see what I did there?!).

For your business to be successful, you want your cake to be safe to eat, attractive to buyers and above all, yummy!

Too many businesses see infosec as the icing on their cake, an optional extra to be added last – but it is so much more than that. Infosec is critical to every aspect of your cake-making, starting with your recipe….

The recipe is your business plan, processes, policies, and procedures. Do they include steps and controls to make sure your organisation is baking the right way? Do your bakers know what steps to take if the flour catches fire or the eggs are stolen? Who is checking to make sure that pans are clean and hands are washed?

Do your project and change management procedures include consideration of infosec risks at all stages? Is anyone checking logs and alerts for suspicious activity? Do you have business continuity plans in place and have you tested them?

Then you have your ingredients. Generally the quality of your ingredients will affect the success of your cakes – cheap, low-quality ingredients will not produce a cake for gourmets. These are your systems and tools – unless you invest wisely in them then your cakes may not meet your expectations…

Do you maintain and update your firewalls? Are servers and desktops patched? Can staff work remotely without resorting to using insecure personal accounts and equipment?

Some ingredients such as sugar are less quality-critical than others… Decide carefully where you can afford to skimp without unacceptable results. Are your systems flexible enough to meet future business needs and evolving threats? No-one wants a mouldy cake! Weevils in the flour might add protein but won’t be popular with your customers…

Has new technology and functionality been security tested? Will cutting corners on risk management for a short-term saving result in an expensive problem later on?

Your ovens need to be at the right temperature – how is infosec perceived in your organisation? Lukewarm attitudes to infosec will not help your cakes to rise! A fiery hot panic leading to disproportionately restrictive controls might incinerate your baked goods! Regulate the temperature so there is a good balance of risk management and innovation that allows your organisation to flourish but remain protected.

And last but most importantly, your bakers. Your employees are both the front line and last defence against infosec threats. Mistakes, malice and misunderstanding do not make for good cake-making or effective information security. Educate, equip and empower your bakers and avoid the bitter tastes of demoralisation, stress, cynicism or confusion in your cakes.

Are your employees provided with a comprehensive infosec awareness programme or do you just have ‘tickbox training’? Can workers get their jobs done without needing to circumvent security controls? Do they understand the reasons for the controls and the value of infosec?

So happy baking to all of the business owners out there – as you can see, good infosec is much more fundamental than a cherry on top!

