Effective IT security habits of highly secure companies
When you get paid to assess computer security practices, you get a lot of visibility into what does and doesn’t work across the corporate spectrum. I’ve been fortunate enough to do exactly that as a security consultant for more than 20 years, analyzing anywhere between 20 to 50 companies of varying sizes each year. If there’s a single conclusion I can draw from that experience, it’s that successful security strategies are not about tools — it’s about teams.
With very good people in the right places, supportive management, and well-executed protective processes, you have the makings of a very secure company, regardless of the tools you use. Companies that have an understanding of the importance and value of computer security as a crucial part of the business, not merely as a necessary evil, are those least likely to suffer catastrophic breaches. Every company thinks they have this culture; few do.