Security is a story about your business
Security starts with your business plan, which is the essential story of your business.
- How you create value
- How you interact with customers
- How you manage financial transactions
- How you build assets
These are your areas of vulnerability where a hacker could fundamentally damage your business.
Your security story should also tell you how to protect them.
Your business IT security story
Your security story will be unique to your business. Our first task when you engage Silverfern IT is to learn all about your security story (see Getting Started).
As an example, most businesses manage financial transactions with their customers. They gather potentially sensitive information about these customers, and this data needs to be treated as confidential.
How is this information stored, backed up and protected? How is access controlled and validated? How are attempted intrusions recorded, and how is this information used to refine the protection measures already in place? Security is not set-and-forget; new threats appear every day so counter-measures also have to evolve.
Do clients have access to their own data, and can they change it? Everything you do to make it easier for customers to access their own data potentially also makes it easier for hackers to access that same critical data.
The most vulnerable area is usually financial transactions. How do you protect customer data such as credit card and account details?
Many big-dollar IT frauds involve supplier payments rather than customer transactions. An embedded intruder can redirect substantial payments intended for your suppliers to other accounts.
Often overlooked is the contribution that staff activities make to vulnerability. Several international studies have reported that up to 50% of intrusions are at least facilitated by internal staff actions, including lax security practices, deliberate misappropriation and malicious intent.
Your security story should include how staff access settings are regulated to protect you against accidental or intentional security risks.