When it comes to defence and protection, don’t forget how your organisation treats data. The mindset plays an important role. This can be illustrated by a simple correlation. Organizations which take the protection of data privacy seriously have an edge when it comes to implementing IT security measures. We talked about this relation in an interview with ORF journalist Erich Moechel (article is in German, Google translation).
The findings are not surprising. Auditors and penetration testers can tell if your IT staff takes the role of protecting digital assets seriously. The correlation is easily explained: once you establish data protection guidelines, you also create a motivation to implement defensive procedures and measures against intrusion. Directly linking operational aspects to a reason makes sure that everyone understands why defence is important. Bear in mind that this is more than simply stating “Hey, let’s protect our customers’ data!” Paying lip service to a policy is easily done. Getting the message down to all staff members (and external consultants) doing the actual work is much more difficult.
The key to all learning is motivation. If you want to learn something new, such as understanding new attack vectors and tactics of your adversaries, then you need to be motivated to do so. Simply claiming “I like to learn something!” just for the sake of it, or just because your boss wants you to, won’t do the job, sorry. It might work for a short time, but you are likely to abandon your efforts in the long run – you need a reason to keep it up, a personal goal that keeps you going.
Value your data and teach all your staff members to do so by explaining how data treachery and thievery can damage your business as well as your personal life. (By the way, attending DeepSec is also a good way to get into the mood of exploring new ways to protect your data or attack your defences.)
It is essential that you establish a focus on protection before you buy gadgets and hire consultants by the dozen. If you don’t care about your own or your customers’ data, your adversaries probably will.