After our #CSLucasWebinar on Keeping your Information Secure, we had some great questions regarding security protocols. Here are some key points from Don Escuro, Vice President of CS Lucas, that will help strengthen security measures.
Check that your suppliers are ISO 27001 certified
Having an ISO 27001 certification sends a strong message that a company is serious about protecting data. Companies that are certified invest time and resources to understand how to strengthen and continuously improve their processes and teams’ security awareness. You should always ask your suppliers what controls they have in place to protect your data.
There is no one-size-fits-all approach to security
There is no one-size-fits-all approach when it comes to security. You and your IT teams understand your company best. The first step is usually to do a security risk assessment. This is done by the CISO or by the person who is assigned to perform this role. You should be able to identify risk mitigation steps and minimum standards to follow after the risk assessment. In the meantime, make sure that you are using the latest software versions and patches, that updated antivirus software is installed, that backups are regular and tested, and that a plan is in place for disaster recovery.
Is your data safer on-premise or on the cloud?
A decade ago, security and IT professionals would have said that data is more secure behind your company firewall and physically protected in a secure server room. Now, more believe that hosting on the cloud is also safe (if not safer). Saving data on the cloud guarantees access, is ISO compliant, and is cost-effective.
The root of the question depends on your company’s situation and what data you need to protect. In some countries and industries, there may be requirements on where and how you store your data. So it’s best to understand these things. The first step is still to identify your risks and from there, evaluate options to help you be more confident. Personally, I lean more towards storing data on the cloud. Providers like AWS have teams of security professionals constantly working to make sure that the cloud infrastructure is safe – so you can focus on security of the software that you host in it.