Thinking Through Security As A Digital Nomad

by Devin Moore / Oct 8

As much as information security can be enhanced by procedures, hardware, and software, the final safeguard of security are the employees of a company.  Each individual is responsible for taking a moment before doing something or to analyze a situation, and ask themselves a few questions:

1.  Is this action going to cause a security risk? (if the answer is NO, carefully reconsider.  Every action has some kind of security risk.  If management is saying that something has no security risks, then you are personally responsible for communicating what the real risks are.)

2.  Since the answer is Yes, what are the security risks that this action might cause?

3.  What is the severity of the risk compared with the easy of preventing or mitigating the risk?

Perhaps a given action (i.e. “an intern takes home the backup tapes”) only has one risk (”the tapes get stolen”) but the ease of mitigation is near zero. (how do you un-steal the tapes?)  This would be considered a risk too great to the security of an operation.  If a given action has a variety of risks, i.e. web browsing, where the risks can be mitigated by whitelisting or blacklisting websites, etc. then this would be considered a risk worth taking in most cases.  Regular virus and malware scanning plus a firewall are required software security tools these days.  Beyond these, all workers must take responsibility for the actions they have the authority to execute.  Companies should go out of their way to expose people to the types of security risks they face most often.  Companies must make sure their workers know how to respond, and that their workers understand the severity of a breach.

• Add Comment