One of the most common questions businesses ask is ‘who’s responsible for our cyber security?’
Well, not to sound like a cop-out, but everyone has some responsibility to keep your organisation secure.
When it comes to the technical stuff though, it’s usually assumed that IT handles it all - they’re the ones that deal with computers after all, aren’t they?
If only it were as straightforward as that.
Let’s first unpack what the role of an IT professional really is...
What does your IT team do?
IT teams can vary depending on your business and its needs, but generally speaking, IT is all about technology, making sure it is up and running so operations can continue as usual. This includes your networks, web services and devices.
Keeping this ecosystem going is key to the IT team’s success. By monitoring your infrastructure, these guys can identify specific problems as and when they arise, step in and work their magic so you can continue your work.
Functionality is the important thing to remember here. IT is there to help your business meet its goals by making sure there are no technological barriers.
Of course, this doesn’t just mean sitting around waiting for issues. IT are tasked with using technology to enhance business operations, be that smarter ways to store your data or automating common processes to speed up the way you work.
In essence, IT are an integral part of any business, especially as our world becomes inevitably more digitally oriented.
Where does security come in?
IT Support teams do not completely disregard security, of course. The engineers will understand the importance of a secure environment. But generally, engineers will only concern themselves with providing a basic level of security.
For example, they will ensure data is accessed in a secure manner, such as by implementing password authentication methods, but the main goal is to facilitate people working quickly, easily and effectively with systems and data.
For security to be adequately addressed in your digital environment, there’s another character needed in this story, and that’s the cyber security specialist.
Security specialists are wholly focused on exactly that - security. They have a different mindset from IT teams.
Think of it like this: if there’s a bit of data, IT will make sure to allow easy and safe access, perhaps by requiring a password. Cyber security specialists, on the other hand, will implement further controls on the access to that data, for example how it can be accessed, whether it can be moved and who can access it.
The control that security teams reinforce may look like overkill, but without this level of granularity, important data can be left vulnerable and easy for bad actors to breach.
Security specialists know that if a user can access something, a threat actor can too, so the aim is to make that attack and path to the data more difficult, even if that presents an inconvenience to end-users sometimes.
The IT approach is to deliver centralised management across many end-points, keeping costs low. Security additions can be seen as an increase in costs, as security is not one-size-fits-all and is usually more expensive to deliver.
This can be why business owners decide the security measures supplied by IT are sufficient, but this is not the case. At the end of the day, secure ‘enough’ is never sufficient to protect against attackers.
The dream team
This is not to say that IT teams aren’t doing their job properly if they’re not making things as secure as they should be; it’s just that this is not their remit.
MSPs and IT providers do a brilliant job of keeping things operational and convenient for users, but they are generally more focused on doing what the client wants rather than what it needs when it comes to cyber security.
You’ve probably been frustrated in the past because of a security requirement, for example when wanting to log in to an app quickly but you find the process slowed down because you must put in both a password and then a PIN sent to another device.
The truth is, MFA (multi-factor authentication) is a crucial component of a secure environment, potentially one of the simplest but most effective measures you can implement to protect against cyber attacks, so while it may seem inconvenient, having it enforced within your organisation makes all the difference.
While IT teams may not enforce this, cyber security specialists will, because security is their priority rather than facilitating efficiency in business operations.
Hopefully you’re beginning to see that the best-case scenario here is the combination of these two roles working together. Being able to carry out daily business tasks with ease using technology is hugely important for any organisation, but protecting this data that you work with should be equally prioritised.
We can’t rely on IT teams to cover every single aspect of our infrastructure. Security is its own division, as evidenced by the fact that there are specific job roles in charge of managing it.
But the two teams function best for the company together, building solutions to allow secure access to data and maintaining business continuity by both enhancing operations and protecting the company from cyber threats.