David K. Shepherd, a senior consultant at firm LMI, has offered strategies that he believes information technology leaders can adopt to minimize damage in event of a cyber attack.
Shepherd indicated in an Oct. 30 guest post on the Northern Virginia Technology Council’s blog that proper risk mitigation procedures should be in place, given the rise in data breach frequency.
He urged federal IT organizations to strive for balance and cited recent research that found half of security incidents at federal agencies were attributed to users bypassing compliance rules, often to get a task done faster.
“Increasing the number of security rules will not decrease employee data losses,” Shepherd said.
He suggested several approaches, including discovering the tools users use to stay productive, providing constant training and investing on cyber defense.
“If we don’t provide secure, capable tools, they will find another way,” Shepherd said.
“We can continue to fight against them, or we can investigate their needs, accept the challenges and work to meet those needs while still ensuring security.”