Francis Ofungwu, director of network security services at Unisys, urges small and midsize businesses to put information security at the top of their corporate strategic plans for 2015 to address the continued threat of data breaches.
Ofungwu wrote Thursday that SMBs should focus on more than the hardware and software investments and follow an approach that bolsters the management of resources to protect data.
He says that a data discovery and classification exercise is important to identify the types and level of sensitivity of information in an organization and fit the data security strategy accordingly.
He also suggests enterprises perform a regular review of the value chain to determine how sensitive information passes through and is processed by third parties.
“This is important because as long as you are the official controller of that information, you are accountable for any breaches, even if it occurs due to the poor controls of a 3rd party,” Ofungwu says.
He also calls on greater attention to response controls in the event of a breach to limit impact on business and scorecards for security performance and the effectivity of security programs to determine returns on investment and shape next year’s corporate strategies.
Ofungwu notes that SMBs should also evaluate the continued applicability of existing security systems on emerging threats.
“No one wants to be seen as the person wasting resources, but it is important to ask hard questions that determine if the investments we made in previous security programs are still fit for purpose.”