As a network security engineer, I work alongside clients to develop and implement clear security strategies. Security is vital to the integrity of confidential information and business operations. Threats are always evolving, and management techniques require constant updating to ensure continuity, resiliency and compliance.
After learning from the SoCal HIMSS privacy and security webinar, I want to post some key takeaways from the information conveyed by T2 Tech Group’s partner, Marty Miller. I frequently serve on teams that must communicate between engineers and healthcare executives, and as an experienced CIO, Marty provided some valuable insight into how security efforts should integrate into business strategy.
- It’s not a matter of if security events occur but when: Unfortunately, people steal information, teams make mistakes and physical disasters are a possibility. With all of these hazards, organizations need to go beyond simple compliance and prepare with the idea that security problems will arise.
- Resources help, but you also need a solid framework: Some of the biggest data breaches in 2016 go beyond a lack of resources. Organizations cannot simply spend money on security appliances and services; they need an effective security framework.
- Reports confirm a large percentage of data breaches are happening not because of hackers but because of internal employees. You can minimize your security risk profile with employee education and staff training. Cultivating security awareness with your employees can’t be ignored.
- Disaster recovery strategies should include adequate back-up solutions and a way to recover and identify compromised data. When a disaster occurs, the right infrastructure needs to be in place to prevent data loss, and you may need a method to identify what data was compromised.
- Security impacts all aspects of a business, and it pays to collaborate: Collaborative efforts should take place before a crisis and lay the framework for prevention and recovery efforts.
- Security is an ongoing process, not a project to start and be completed. When dealing with organizational initiatives that involve data assets, security needs to be part of the planning and execution. By integrating security into your organizational methodology, different departments will be prepared for disasters.
- Risk management requires the cooperation of more than just IT, and business leaders need to be involved for organizations to develop a successful security program. It can’t simply be delegated to IT.
- Expertise and talent are difficult to find and keep in-house. When trying to stay ahead of the curve, outsourcing some security functions might be an option that has to be considered.
From speaking with Marty personally, I know he is an advocate for transparency. Whether an organization needs to select appropriate security solutions, conduct vulnerability audits or complete a comprehensive security assessment, it takes a cross-collaborative team to ensure organizations can identify, protect, detect, respond and recover from potential threats. By working together, security becomes much more manageable.