How to Build a Holistic IT Security Strategyby
Following the recent SamSam hack on five of 13 local government departments in Georgia, we are once again left wondering if there is anything firms and their clients can do to protect their networks from security breaches.
Attacking organizations is part of an alarming trend from the group deploying SamSam. They are freezing their computer systems and demanding a relatively small ransom, knowing the organization would rather pay up than remain offline for a week or pay to fix it themselves.
We’ve already discussed why accounting firms need an IT strategy and what characteristics that IT strategy needs to have. Now, we want to highlight a more nuanced look at what steps your firm needs to take to build a holistic IT security strategy to limit vulnerabilities and strengthen your network's security.
What Does It Mean to Have a Holistic Security Strategy?
In the past, the most common approach to IT security has focused on layers of perimeter defenses and building the best “wall” possible. But, because these attacks have become more sophisticated over time that approach is no longer sufficient.
In fact, in the rash of SamSam ransomware attacks, the attackers first enter a network and get positioned before they start encrypting machines. Preventative security measures focus only on defense, but they can’t detect this kind of carefully-laid trap. To truly protect your practice and clients, you need a multifaceted, always-on approach to IT security that protects every endpoint, detects early signs of a breach, and responds immediately.
This holistic, all-encompassing approach to IT security allows IT teams to approach security risks with an “assume breach” perspective. It also allows teams to detect and more quickly mitigate threats using machine learning and artificial intelligence analytics. Not only does this increase the effectiveness of the security measures you have in place, but it also does so while reducing the burden on your IT team.
How to Build a Holistic IT Security Strategy
Ready to put a holistic IT security strategy to work for your accounting firm? Here are several important pieces that need to be included:
- Audit and assess current solutions. Have you added security tools to your IT strategy as your company has grown? Multiple dashboards and logins can slow down the detection process, so start planning to move to an ecosystem of products that integrate with each other and provide insight across platforms.
- Circumvent the security hiring gap with automation. Few accounting firms can afford to hire enough IT professionals to support their unique needs. To help support over-burdened team members, automate as many software processes as possible, especially low-level monitoring and event response according to existing policies.
- Don’t ignore the impact of BYOD environments. Employees increasingly expect access to data on the go and on any device. As a result, the once-acceptable, device-driven approach to security needs to be phased out in favor of identity-driven security. Make appropriately authenticating and managing users your first priority. Multi-factor authentication is critical.
- Think of the cloud as an extension of your datacenter. Whether you decide on a public, private or hybrid cloud solution for your accounting firm, you don’t have to move everything at once. Take a measured approach to moving to the cloud and move business functions only as you are confident in the amount of control the model gives you.
A holistic IT security strategy combines the latest technologies with enduring processes to manage risk and defend against an ever-expanding list of threats to network security. Consider using these steps as a blueprint for discussing and building your own holistic IT security strategy.
|We're proud to present the Technology Strategy series in association with AbacusNext who share our commitment to helping firms adjust to the digital world as safely as possible. AbacusNext provides a suite of best of breed services to accountants including OfficeTools Practice Management, Results CRM, and Abacus Private Cloud.|