What used to be a nuisance is quickly becoming the norm: Incidents of information hacks and data theft appear to be on a quickly increasing trajectory, with more and more organizations experiencing a major breach every week. Dairy Queen and Home Depot recently joined Target, Michaels, Neiman Marcus, P.F. Chang’s and a long list of other companies that have fallen victim to these nefarious intrusion schemes.
While the escalation of these attacks appears to be reaching an epidemic level with retailers, these vulnerability issues aren’t exclusive to that industry. Hospitals, universities, manufacturers and even nonprofits have been victimized in the past few years, clearly demonstrating that point-of-sale (POS) systems aren’t the only susceptible pieces of our network infrastructure. In early September, 5 million Gmail addresses and passwords were stolen and posted on a Russian security site. As of Sept. 9, the Identity Theft Resource Center lists 533 business and organizational breaches exposing approximately 18,721,149 records. Those are just the cases where an individual’s name and Social Security number, driver’s license number, medical record or financial record, or credit or debit card is put at risk. Not all were electronic in nature — including the North Carolina Department of Health and Human Services inadvertently mailing more than 48,000 Medicaid cards for children to the wrong addresses. But the majority of data breaches are facilitated by computers, the internet and all points in between. The experts don’t expect the onslaught to abate any time soon.
That’s why businesses need the help of true professionals to quell the onslaught. Not just antivirus and spyware update installers, but solid IT security specialists who can audit current systems and policies, recommend and implement proper upgrades, and monitor and support it all. It doesn’t matter if your clients are Fortune 500 companies or small mom-and-pop groceries; every organization needs someone who can effectively develop and support its comprehensive intrusion defenses.
CompTIA’s IT Security Resource Bundle
Every solution provider needs to know if his or her organization is really up to that task. What security solutions do you offer and how effective would they be at stopping an attack — or the latest intrusion tricks — on your clients’ systems? Are you 100 percent sure your customers’ infrastructure would meet or exceed current industry standards? If you can’t answer those questions with a resounding “YES!” then it’s time to make some changes.
All IT security experts should be confident that they already do and will continue to provide those protections for the clients they support. On the flip side, no business or nonprofit should contract with anyone who doesn’t have those capabilities. For both the suppliers and clients, security is something they each have to get right today. The legal and financial obligations resulting from any failures are simply too overwhelming for most organizations to overcome, and those that do survive will surely incur some damage.
Solution providers simply have to have these required IT security skills to support their clients today or choose to partner with other organizations that are willing and able to fill that vital role. There’s no substitute for following industry best practices and working with quality professionals.
That’s another area where CompTIA can help. In collaboration with the IT Security Community, they’ve developed a bundle of training and best-practice programs to boost solution providers’ protection practice opportunities.
Here are some CompTIA resources to explore:
- The CompTIA Security Trustmark+ is awarded to those who meet the prescribed industry standards to best support their clients’ security needs. The application process helps solution providers validate policies, processes and planning skills, and a CompTIA Trustmark creates an excellent business differentiator.
- The Executive Certificate in IT Security Foundations is designed to facilitate a solution provider’s transformation into a trusted IT security adviser. These training sessions focus on business transformation, assessing and managing risk, and developing your solution selling strategies.
- The Quick Start Guide to Security Compliance covers dozens of the standards and regulations that impact your customers’ IT decisions. This manual explains compliance as it relates to various vertical markets and business types.
In addition to these resources, CompTIA’s library houses loads of respected industry research and a host of other IT security practice-building tools. Registered users get free access to many of these valuable peer-developed training resources and content.
Where’s the Beef?
An enhanced security infrastructure is only as good as the employees who use it. Are you offering IT security training to ensure your clients’ employees are aware of and following prescribed protocols? It may not seem complicated, but understanding how and why they need to follow the recommended password management techniques is crucial to data protection. They have to know what to do when a smartphone or tablet with company network access is lost or stolen.
Those are just a few of the many basic policies every business should have in place to protect their systems and information, and savvy solution providers are helping many of them develop those rules and strategies. The fundamental goal of IT security is to build an environment in which every employee understands his or her role in defending the network and the data it contains. They need to know the personal repercussions of any mistakes — there must be consequences for failure — and be allowed to offer feedback when measures are so restrictive they compromise productivity.
Most business leaders need help striking that balance, and will likely benefit from your knowledge of the threats and best practices. Find an industry-vetted policy template and talk to your peers about how their customer IT security manuals are developed. And be sure to reach out to the CompTIA IT Security Community or join in the group’s meeting discussions. Chances are you’ll find a lot of valuable information — and a plethora of opportunities.
Brian Sherman is principal consultant at Tech Success Communications, an IT channel business development and marketing firm. He served previously as chief editor at Business Solutions magazine and senior director of industry alliances with Autotask. Contact Brian at [email protected].