EDITOR’S QUESTION
MOREY J HABER, VP OF TECHNOLOGY, OFFICE OF THE CTO, BEYONDTRUST
The role of any leader in an organisation is to ensure business
continuity and limit risk to the organisation, customers,
employees and mission. Any disruption to the business
can cause a loss in revenue, reputation, or potential harm to its
employees or customers. In today’s next generation economy, if a
business embraces any form of electronic commerce, from payroll to
online services, there is a real threat for business leaders that should
not be ignored.
If your business is heavily invested in technology, it is simply
foolish not to consider improving your cyberdefences, even if they
are a near zero cost investment. To that point, improving cyber
defence does not have to be an expensive investment to make
sure your organisation does not fall victim to any one of these
modern disruptions. Consider the following:
• Education and implementation of secure password policies
including acceptable usage (i.e. complexity and no password re-use)
• Enable automatic updates on all workstations and mobile
devices to automatically install security patches when
an investment in a vulnerability management and patch
management solution is not feasible
• Budget for and replace all end of life equipment such as
Windows Server 2003 and Windows XP to ensure a safe
computing environment
• Enhance basic Windows group policy with best practice settings
for session timeout and require periodic password changes
• Remove unnecessary administrator rights from all workstations
and servers
• Change all default passwords so threat actors cannot guess them
based on dictionary attacks
And there are so many more. Outside of investing in new tools
and replacing old equipment, no business leader should ignore
improving cyberdefences. Minimal time, basic policies and
simple education can stop the easiest of attacks and potentially
keep your business off the front page of a newspaper. For those
business leaders that will ignore even this basic advice, I would
kindly ask them to consider the alternatives and play a simple
what if scenario game.
• What if you do not improve your security posture?
• What if you are breached and sensitive data is stolen?
• Who will be accountable?
• Who will be hurt by an incident?
• Who could lose their job?
• Could someone potentially even lose their life?
In the end, I would challenge any business leader to say that what
they are doing is good enough today and that there is no room
for improvement. Their push back may be due to cost, ignorance,
arrogance or any number of human traits. That is simply not good
enough when the basic tasks would be simple to implement and
have a high value in protecting an organisation, even when funds are
not available. There is always room for improvement; especially in
cybersecurity at home and in business.
INTELLIGENTCIO