Security starts with making time. With threats evolving every day, even the most security conscious organizations need to take time out and assess their security posture. And those who take a passive approach, or no approach to security, the problem is not going to go away. All organizations, big or small, need to prioritize security and make time to have a discussion. So what do you do when you don’t have any time? And what do you do with time that you do get? Here are some thoughts.
- Make time. Security cannot wait. The attack surface that exists today is only going to get bigger tomorrow.
- Reschedule something else. If you don’t have time, find something that is taking time that can wait.
- Set up recurring time. If there is one thing we know, the security issue today may not be the same one tomorrow. Make it a priority to have a recurring time on your calendar to talk security. Maybe have your security point of contact or designated security officer talk for 5 minutes at the beginning of each staff meeting.
- Get creative. Maybe time is too hard for everyone to sit in the same room. Maybe make it a chat session, or email thread.
- Get the right people involved. Security involves everyone, or at least involves representatives from everyone. The boss sets the tone – if they are there, others will be too.
- Talk about real issues and threats to your business. Not vulnerability is going to apply to you but most may. Find those and plan a way ahead.
- Set milestones. You can’t cover everything or address everything in one sitting, but identify the issue, assign it to someone, and set milestones for resolution.
- Don’t waste time. Have an agenda. It’s that simple. And make sure people know the agenda beforehand so they can be prepared to discuss impacts in their areas.
- Start now!