ARE REDUCED BUDGETS CAUSING DATA BREACHES?
Chances are you have been given a limited budget to secure your data infrastructure. You know the reason; data security is still a matter of economics for many top executives and your company probably considers IT a hit to the bottom line. You're not alone. Despite the fact that so many company breaches are in the news, countless senior executives holding the purse strings are oblivious to recognize the liability and potential cost of exposed private information.

Mid-sized companies typically don't have the budget or security expertise on staff to ensure the fortification of their systems. The irony here is that IT personnel responsible for protecting sensitive data are not the ones who bear the costs and repercussions of failed or unsecured systems, with the exception of probably losing their jobs. Executives tend to gamble with the same bottom line they're trying so hard to protect, and they just might lose. Then they'll be asking themselves if they should have done more.

An article on CIO.com called Bad Neighborhood states that mid-market CIOs don't have the budget, the sophisticated IT skills on staff, or the time to take away from core IT operations to build better defenses. They are left wide open, hoping they'll be lucky enough to duck something terrible coming their direction. NCX Group has seen this first hand. Those responsible for their business systems have good intentions when bringing us in. They know their company lacks the security expertise they need in identifying their risk and vulnerabilities, but then they put this critical project on the back burner in lieu of getting other projects done or determining there is no budget left to proceed forward. Now they're in a game of Russian roulette.

Economics does have a lot to do with data security, but although you have been given a small budget, there are some smart options available that would jump-start your data security measures. A security review would help identify your vulnerabilities and set you on a direct path to remediation, which can save lots of time and thousands of dollars. Another option is NCX Group's MyCSO, which provides a company with the expertise of a chief security officer for a small monthly fee. You then have an expert available to assist with compliance legislation, polices and procedures, segregation of duties, updates on areas of weakness, and more. MyCSO also offers managed services for ongoing vigilance of your networks.

Securing and protecting company data should be regarded as a necessary cost of doing business. But until senior executives come around, you need to act smart, even if they don't.

BILL STEVENSON JOINS NCX GROUP
NCX Group is pleased to have Bill Stevenson join our team of information security consultants. Bill is a long-time industry veteran whose information security background spans over a decade. He comes to NCX Group from IndyMac Bank where he was Vice President of Enterprise Information Security. Bill brings with him in-depth knowledge of information and physical security practices and methodologies. Prior to IndyMac, Bill spent seven years at New Century Financial where he served as AVP of Information Security. In that role, he established the operational framework and infrastructure to support the growth of 8,500 employees and all information risk across the organization. Bill is a Certified Information Systems Security Professional (CISSP) and holds a Bachelor of Science degree in Information Systems Engineering from California Baptist University.