Tips to Avoid IT Security Pitfalls: Common IT Business Risks

By Amos Aesoph, Xigent CISO

As the Chief Information Security Officer at Xigent, Amos Aesoph has gathered numerous tips over his 25+ years of IT security experience to help IT leaders and the businesses they support avoid IT security pitfalls. As Amos starts to peel back the layers of the IT security onion, the topic he covers in the first video of the series is “Common IT Business Risks.”

What is an IT Security Business Risk?

IT security business risks fall under three main areas, often referred to as the CIA triad:

1. Confidentiality – Data Privacy: Make sure your information does not get into the hands of people you do not want to have it.
2. Integrity – Valid & Accurate Data: Ensure the data within your systems is validated and accurate, and that it does not get changed inadvertently or intentionally.
3. Availability – Accessible Data: The data you hold needs to be available, securely, to your end users so that every employee stays productive. If it is not accessible, that data is not useful to you.

Who Should Define Risk in a Company?

Xigent recommends that businesses have a committee or group of people responsible for understanding the risks of the business, along with a single individual who is accountable for that risk. Without clear ownership, risks get missed or prioritized incorrectly, and that usually leads to business risks not being managed as well as they could be.

How Do Organizations Deal with Risk?

When an event occurs or a problem happens, we frequently see a lack of understanding of what to do next, either because the risk was not well understood at the outset or because there was no incident response plan for events of that kind.

How Should My Company Respond to Risk?

There are four primary ways to respond to a risk:

1. Accept Risk: Accepting a risk means we understand that a certain situation creates risk for the business, but we accept it because removing it would hurt the business more than the risk itself.
2. Insure Against Risk: Transfer the financial impact of the risk to another party. This is the reason we buy cybersecurity insurance.
3. Mitigate Risk: For risks tied to a business necessity, we can put in other controls that reduce the amount of risk we are exposed to while still maintaining that business process.
4. Remove Risk: If the risk is too high and the business process is affected too much, we can remove that process completely so as to avoid the risk altogether.

How Do Businesses Typically Respond to Risk?

Businesses today are not dealing well with IT security-related business risks. Typically, they do not understand how to deal with a risk or what the best course of action would be to get rid of it, or they put the risk off hoping it will go away.

When businesses experience IT security challenges, Xigent can assist with SecurPath, a defined plan for identifying business risks and dealing with them appropriately.


Want to Learn More Xigent IT Security Tips?

Be sure to check out Xigent’s SecurPath web pages, follow us on social media, and stay tuned to watch and read parts 1-5 of Xigent’s Tips to Avoid IT Security Pitfalls series to stay up to date on IT security topics:

Xigent’s Tips to Avoid IT Security Pitfalls

Part 1 – Common IT Business Risks
Part 2 – What Drives the Need for Improved Security?
Part 3 – How Secure Does My Organization Need to Be?
Part 4 – How Do I Measure Security Effectiveness?
Part 5 – How Do I Improve My Information Security?