Security Day: “Security, Know Your Data” – Top Takeaways and Lessons Learned

Last week, I had the pleasure of speaking at Security Day, an event hosted for government personnel by the British Columbia Information Security Branch twice a year.  It always features a compelling line-up of presentations on the most pressing security topics.

Speakers came from the government, the broader public sector and the security and privacy sectors. The topics were insightful and covered everything from mobile security and advanced attacks to privacy, compliance and an inside-look at the hacking community.  I had the honor of discussing Canada’s security preparedness for enabling a mobile enterprise. I recently spoke on this same topic at SC Congress Canada. 

I wanted to share with you some of the top takeaways and lessons learned from some of the brightest security minds at this event.

1. Even though the event is called “Security Day,” security should be a top priority for both the private and public sector 365 days a year. Threats are evolving and traditional anti-virus and anti-spam solutions just aren’t cutting it. Intellectual Property is the big prize now and you need to employ solutions that are data-centric and content aware.
2. Having an actual security awareness day is a key part of fortifying an organization’s posture. It’s increasingly important for the public and private sector to unite and share best practices for securing our future. I commend the Information Security Branch for initiating this conference and I hope that other government entities across Canada follow suit.
3. Organizations need to combine technology with diligence, vigilance and general common sense. In order to protect against today’s attacks, employee education is also key. Regularly communicating security policies with your employees with respect to social media and personal devices will go a long way when protecting your network.
4. Technology must be holistic, enabling and be administratively efficient.  Implement a technology that unifies intelligence for email security, web security, data security, and mobile security with one console and policy framework.
5. Finally - with the diversity of OS's and devices - it’s the data not the device that should be the focus. Identify your biggest weaknesses and your most sensitive data, and then apply appropriate protections. You can significantly reduce risk by understanding where your data is residing and how it’s being used.