James Ogier, Resolution IT's senior information security consultant, is a big proponent for creating cybersecurity programs that both address the information security needs and elevate company productivity and success – but how is this actually done?
"There's a fine line between being a secure organization and being a productive organization," says Ogier on the most recent episode of the Apptega De-Risking Business Podcast. And the best cybersecurity programs prioritize information security in a way that optimizes for business goals.
A security program should serve as a facilitator of business growth, rather than a blocker. Ogier has seen firsthand that by fostering collaboration and communication between consultant and client, shaping policies to match the specific business needs, and performing risk assessments that show an understanding of how security can contribute to overall growth objectives, security can become a business enabler.
Doing the Basics Well
For businesses in highly regulated industries, there is immense pressure to get the fundamentals right. Compliance obligations, due diligence with third parties, and good cyber hygiene are all crucial – but without a secure foundation all efforts will ultimately fall flat.
The basics -- which often consist of employee awareness training, multi-factor authentication, and vendor vetting -- set the tone for the entire security program. But when starting the journey toward cybersecurity readiness, businesses often wind up poorly prioritizing the necessary steps, ignoring employee buy-in and awareness training, which ultimately harms the business’s security posture.
To add the most value, MSPs must be able to strike a balance between adequately addressing risks and avoiding wasting time and resources; and the key to this is to break down objectives into manageable and measurable steps progressively built on top of the basics to create a proportional security system custom fit to the business’s goals and growth. By continuously growing a cybersecurity program from a solid base, organizations can make progress without overwhelming themselves and impacting productivity.
As Ogier says, the basics, combined with proportional security measures, act as facilitators of business growth, rather than blockers, and organizations can maintain productivity and expedite growth with the backing of an information security program built upon a strong foundation.
Listen to the full episode here.