For some, this year brought an influx of funding for IT security projects. But what about the rest of us?
According to a recent report by TechPro Research, 2013 was a good year for quite a few IT departments. The survey showed that in 2013:
- 18% of respondents saw their security budget grow slightly over 2012 levels, and
- 7% saw it grow significantly.
That’s encouraging news, to be sure. But at the same time:
- 11% saw a slight decrease in spending, and
- 10% had their security budgets decrease significantly.
Of course, these numbers alone don’t tell the whole story. One-time projects can have significant costs when they’re implemented, then go off the books a year later. And not all companies will divide their security or other budget items the same way.
Security for the 52%
But where does that leave the remaining 52% of respondents who reported that their budgets remained the same year over year?
Chances are many of these organizations are satisfied with their current security levels. But almost all of them would gladly boost security if they could do so without spending more money.
Here are three places you can look to improve security without having to go to decision-makers hat in hand.
1. Focus on the vulnerable
Training every user on security is a must – but that doesn’t mean you shouldn’t focus on the big fish.
Hackers certainly will.
Look at the departments or users that have the highest risk of being targeted, then give them extra training or built-in protections. This could include:
- High-level managers. The C-suite is the most visible part of your company and would be an attractive target.
- Finance pros. Hackers will follow the money. The users who control the purse strings are a high-value target.
- Customer service. This is the easiest group to get in touch with. Their availability and willingness to help out could be an opening for phishing attempts.
- IT. You and your department have access to the systems that open the door to everything else.
2. Test users
Training is key. Built-in protections are better.
But the best way to gauge whether these are actually working for you is to verify that the message is sinking in. Try testing users by sending suspicious emails from an unofficial account. Ask for usernames and passwords and see if anything comes through.
Tests like these also make a good opening to your next training session. Share the results with users so they know if they’re on the right track or need to spend a little more time thinking about security.
3. Keep patching
Any outdated or unpatched app can be an open door to an attack. Spend a little time each week getting on top of these.
(To find a list of known vulnerabilities, check out Secunia’s threat advisories.)
Setting a reminder to check for updates on critical apps could be a good way to make sure none of these escape your notice. Hackers are always looking at possible back doors into systems — best to shut them out and have them target someone else instead.