In today’s security programs, we often lose sight of the forest for the trees and forget the basics. Removing an employee’s ability to access company property – whether physical access or access to corporate networks – is so basic that it too often gets overlooked. This article from InfoSecurity is a painful reminder of how lax many security programs are.
Is this a lack of knowledge or motivation? We would say no. More than half of the responding companies stated that ex-employees still have access to their corporate networks. As a result, this reinforces our belief that companies continue to work in silos with no comprehensive security program. Companies like ours who help organizations develop integrated security programs see it time and again. The end result is that instead of security being everyone’s responsibility, it is no one’s responsibility. Or worse, leadership puts security in the hands of non-security professionals as an add-on responsibility.
What is particularly disconcerting about this article is that we believe that it will only get worse because of a shift that we are observing where even the really large organizations have slashed the dollars spent on building comprehensive security programs. The trend we see is a patchwork of technology, contract security, and IT security that all work in silos and don’t effectively maximize their value and blend people, processes and technology. Businesses are already feeling the end result of this approach, and it will be the downfall of many.
Read the entire article here.
Plan. Protect. Prosper.
Protus3 specializes in security system design, security consulting, corporate investigations and other investigative services. Partner with Protus3 and we will examine each situation to identify threats and develop solutions for your best outcome.