Straw, Sticks, or Brick: How to Tell Which Your Network Is, and How to Improve It
Just yesterday, someone told me they think they are secure because they have anti-virus, strong passwords and a firewall.
Last weekend, I asked my daughter to tell me a fairy tale. She chose The Three Little Pigs and the Big Bad Wolf. As she told the story, it became so clear that organizations use straw, sticks, or brick to build their cyber-security protection. See which you are, and how to improve:
Security built with straw, is weak, and too common. It is when executives say:
1. “We moved everything to the cloud so we no longer need to be concerned with security.”
2. “Everybody is getting ransomware, so it is no big deal if we do too.”
3. “We encrypt our data, so it is safe.”
Security built with sticks is common too, and better, but will not stand up against attackers. They think they need only three things and can stop there:
3. Strong passwords
Security built with bricks is very rare. You still need the “sticks” combination, and the rest of making a home out of brick is achieved by doing the hard things that attackers are counting on organizations not doing:
1. Ensure no programs or scripts can run unless approved
2. Keep patches current without crashing systems
3. Constantly measure to make sure the right things get done. Support your IT Professionals generously by truly listening to them and supporting them as they accomplish these difficult tasks
Past, and future, blog entries explain how to implement the brick solutions above.
Please forward this to everyone you know who may have built their cyber security out of straw or sticks. Encourage them to get out the bricks ASAP.