As someone who has worked in the Managed Network Services space for over a decade, I notice certain behaviors when it comes to security planning. Every so often, a major security incident occurs that makes headlines, and the media cycle begins. Decision makers at organizations, who are typically business experts and not technology experts, often react with questions about what they are doing to fight this specific threat. Are they doing the right thing? What else could they be doing? How exposed are they?
This kind of reactionary impulse does not necessarily carry over to other areas where we manage risk. Consider investing. Most people who are investing for the long term develop a strategy and stick to it; they do not allow some kind of external factor to force them to change their fundamental strategy, even if they make minor adjustments along the way with the advice of an expert.
While security is not completely the same as investing, you want to create a good fundamental approach to managing the risks associated with your practice’s security. By developing strong habits, you will be managing security and compliance risks by “tweaking” your approach, rather than tearing your whole approach down and rebuilding from scratch.
Let’s go over a few fundamental ways to approach security and compliance that any decision maker who has been tasked with managing this process should consider: