During these difficult times it is understandable that organizations may be looking for creative ways to cut costs or gain efficiency. While investing time to build out your information security program may not seem like a cost saving idea, it can actually introduce significant operational savings. An Information Security Program is a system of protecting the confidentiality, integrity, and availability of information within a business. The hidden benefit to building a strong information security program is that you can also build a better business. The two elements go hand-in-hand and make your business stronger, more efficient and better able to handle a crisis.
Why have we not realized this hidden benefit before?
Often management makes the mistake of believing that implementing an information security program will negatively impact productivity. They worry that activities such as adding Multi Factor Authentication, implementing multiple approval layers for access to data, or making employees take mandatory information security training will add bureaucracy and distract from critical activities. However, done correctly and using the right tools, the opposite can be true. Implementing an information security program can help your employees better understand their role, improve their performance and make your organization run more efficiently.
Effective security programs focus on the confidentiality of data stored but they also look at the availability and integrity of data. While the primary intent of these procedures, documents and training is to promote a more secure workplace, the clarity a security program provides also drives significant efficiencies in the workplace. For example, if your system suffers a data breach and has to be taken down employees can’t do their jobs and this can significantly impact productivity. Likewise, if data on your system cannot be trusted due to intruder access, or retrospectively proves to be incorrect, this can also introduce major inefficiencies as corrective action or additional verification steps are implemented. So not having a security program in place to protect against these issues can cost you time and money through inefficiencies. Indeed, just the general level of scrutiny that implementing a security program entails forces management to look at policies and procedures with a more critical eye which in turn helps to identify gaps and inefficiencies.
So where should you start?
Each of the following steps will help you improve your information security posture and make your organization more productive:
- Focus on employee roles and responsibilities. Each employee should have a clear job description that sets out what their job entails. It should document how their role interacts with other departments to allow successful collaboration and teamwork. An information security program should focus on building strong and sustainable procedures, making sure employees understand their roles through effective documentation, and training them to be effective.
- Manage the process for onboard/offboarding users. This is essential and includes keeping track of which employees have access to systems and applications. With more effective onboarding you ensure employees have access to the tools and systems they need and you also ensure they are not missing access to something critical to their role.
- Conduct training. When your employees are working remotely you need to ensure that everyone is up to date on their training - especially cyber awareness training. Continuing training will ensure employees are more invested in the company. According to LinkedIn’s 2018 Workforce Learning Report, 93% of employees would stay at a company longer if it invested in their careers. You should have a way of sending/sharing training with employees and monitoring completion of training. You should also incorporate training evaluations to ensure the employees understand the training they have undertaken.
- Vendor management. This key element to a security program helps organizations run more efficiently by knowing who your vendors are so you can better control costs. You should track your use of vendors, their use/access to your systems and their compliance with security protocols. Some of the worst breaches last year were caused by third party vendors including breaches at Marriott, US Customs & Borders and Quest Diagnostics.
- Writing processes. By having documented processes for key business actions, employees and departments will work more effectively together. By documenting processes in advance of unexpected situations there is a clear understanding of who is responsible for key business decisions. This clarity helps your business work more efficiently.
- Faster response to RFP. With a strong security program in place you are prepared to respond quickly to an unexpected RFPs (Request For Proposal). Some businesses, especially in the healthcare industry, are currently dealing with an influx of RFPs and need to prepare to respond to these requests and win business quickly. A strong security program will make your organization better placed to win business and also make you audit ready should an audit be part of the contract process.
Ostendio’s customers have been using the MyVCM platform for over 7 years to manage information security programs. During COVID-19, Ostendio customers are using the platform to manage remote workers, update training and send the free vendor assessment template to their third party vendors to ensure their compliance during this critical time period. Contact Ostendio today to see how the MyVCM platform could help your business become more efficient and successful by implementing an information security program.