The cost of a data breach is an excellent point from which to study the concept of cybersecurity.

Why? Because it encourages organizations to re-evaluate cybersecurity as a business proposition, not a technological fix. This is where WIN IT Services plays an important role. One of our key objectives is to persuade clients to change their thinking and to perceive information technology (IT) as a business function. Only by placing IT (including cybersecurity) in its proper business context can organizations make the kind of decisions that achieve their overarching goal of success in their core competencies.

Like any other business function, cybersecurity is driven by the analysis of cost, benefit, and risk. Sensitive information is subjected to considerations such as anonymity, confidentiality, accuracy, and preserving data integrity. As a result, companies establish procedures designed to protect data. But in the Information Age, the demand for quick access to data leads to necessary compromises with security. How do you decide between these competing objectives?

If you erect an impenetrable wall around your data, it would be immune to attack, but it also would be nearly useless for most business purposes. After all, we do business in a world where data transactions and information requests require instant retrieval of material that is distributed geographically to all kinds of users with different purposes. Unfortunately, most companies do not define their expectations for security standards in a businesslike way, and this leaves them exposed to substantial risk and ineffective management of IT.

Best Practices at WIN IT Services

When clients retain WIN IT Services, we become the chief information/technology officer (CIO/CTO). In that role, we acknowledge the competing considerations that can have an impact on cybersecurity. Then we help our clients to make decisions — business decisions — about how to balance the costs, benefits, and risks of making information available to a variety of authorized users with different needs. At the most fundamental level, however, we insist that our clients adhere to a group of core security practices that reflect the recommended global standards established by the Center for Internet Security (CIS). More specifically, the CIS Controls™ and CIS Benchmarks™ are the global standard and recognized best practices for securing IT systems and data against the most pervasive attacks. These proven guidelines are continuously refined and verified by a volunteer, global community of experienced IT professionals.

In a future Insight we’ll be taking a look at WIN’s security services including our Basic Cybersecurity Hygiene we implement for all of our customers.