Three Steps for Building an IT Security Strategy


Amos Aesoph, CSO Xigent Solutions

A long time ago a wise man said “prevention is better than cure.” That same wisdom is especially true today, perhaps more than ever, when talking about business security strategy.

A security strategy documents how your company will protect its physical environment and information technology assets as well as remain compliant in the event of a security breach. The frequency with which security threats occur only continues to increase, making it even more important for mid-market companies to take a proactive stance.

The high cost of doing nothing

A security breach can have a pervasive impact on your business. According to the Ponemon Institute, the cost of a security incident can range from $225 to $336 per record, depending on the industry. In addition to lost revenue, breaches have the potential to reduce productivity by distracting your employees from business-critical activities and to damage your company’s reputation, causing customers to lose trust in your business.

The value of an in-depth security assessment

“Many mid-market companies don’t have an adequate security strategy because they over-estimate how secure their systems really are,” stated Amos Aesoph, Chief Security Officer at Xigent Solutions. “A long-term security strategy will define what you need and when you need it. You’ll be less likely to spend money on things that don’t align with your strategy, reserving capital to invest in the areas that strengthen your overall security posture and insulate your business against a security breach,” Aesoph explained.

Three steps to build a security plan for your business:

Step 1: Get a security assessment from a qualified partner

An experienced security partner will complete an in-depth assessment of your security strategy. This will reveal the strengths, weaknesses and gaps in your current protocols.

A security assessment will identify the highest-risk areas that require immediate action, which will help you scale and prioritize the levels of investment needed. It will also assess whether the right people, processes and procedures are in place, define recovery times and ensure all processes are repeatable.

Fortifying and protecting the physical locations where data is stored should also be part of the security assessment. Are there preventative measures like locks, cameras and an access log in place to record anyone who enters or leaves the facility?

Step 2: Allow enough time

“One of the biggest surprises and most overlooked parts of implementing a security strategy is the amount of time it takes,” continued Aesoph. “Often customers are surprised at how meticulous and well thought out the strategy needs to be. There are several facets involved, including administrative, technical and physical considerations. Another critical component of any security strategy is HR, including background checks.”

Step 3: Keep ahead of the game

Security threats are a constant part of the business landscape, and they’re becoming more complex. Many threat actors are state-sponsored, and the tools they use can be very sophisticated. In other cases, tools like ransomware or denial-of-service attacks have become easy to obtain and can even be rented by the hour.

Keeping ahead of these threats can be difficult, so partnering with a security expert and using services and products that have deep threat intelligence built in, like Cisco’s Talos, can give you the upper hand.

About Xigent Solutions

Xigent Solutions specializes in IT services and solutions for mid-market organizations. By partnering with our customers holistically, we engage on both strategic and tactical levels to help them drive greater business outcomes from IT. We do this by helping our clients create and manage Business Efficient IT (BEI) where IT resources—people, process and technology—are more fully utilized with Xigent’s enterprise-based methodology to deliver greater outcomes while minimizing IT cost and inefficiency. To find out how Xigent Solutions can help your business make the digital transformation, contact us.