How to Make Good Use of IT to Start a Business
Security continues to be a cornerstone of IT efforts as the digital age shows no signs of slowing. Where there is any digital activity, there is potential for a breach—in fact, it is predicted that cybercrime will cost the world $6 trillion annually by 2021. Most attackers target small-to-medium businesses, as they’re aware that organizations of this size might not have solid cybersecurity measures in place.
Here are the top four considerations for implementing and innovating security procedures within your company.
Create a culture of IT security
The vast majority of security breaches happen because of negligence, ignorance, or malicious intent from employees. If your company has a lax culture when it comes to security, it’s bound to lead to someone making a mistake that could effectively shut the doors of your company.
According to Wesley Simpson, COO of (ISC)2, patching your human knowledge is just as important as patching and updating your software. He says, “Your people are your assets, and you need to invest in them continually. If you don't get your people patched continually, you're always going to have vulnerabilities. Even in a company with hundreds of employees, it's worth training them as opposed to taking on the risk of a breach.”
Conduct regular training with each of your employees, starting at onboarding. Setting the mindset of security from the start of employment and regularly reinforcing it throughout an employee's tenure (at least once annually) will help to educate your team about the importance of IT security, as well as best practices for ensuring that they aren’t falling for phishing attempts or other common attacks.
Leverage AI and machine learning for security
One of the most terrifying parts of IT security breaches? You might not even know one has occurred until months later. On average, 68% of breaches took months or longer to discover. Effective use of machine learning and AI can reduce the time to identify breaches, making it easier to respond as quickly as possible and reduce the impact a breach has on business data. With cloud computing and automation on the rise in the workplace, it only makes sense to continue that push in cybersecurity.
Cybersecurity systems can leverage artificial intelligence to analyze data from past breaches, simulate potential outcomes of a new breach, and easily detect existing and future vulnerabilities. Analyzing past breaches won’t necessarily prevent future attacks, but can ensure that your defenses are in place in the event an attacker attempts a similar approach. Keeping up-to-date on new and emerging threats can prepare you to stay ahead of the threat landscape. It’s safe to say that you don’t want to be behind the curve in the event of a new and unique attack.
Rather than thinking of machine learning and AI systems as a cure-all for your security problems, consider them fortifications for your existing procedures. If you think about viruses in human terms: AI isn’t the cure for the common cold. AI is a vitamin-enriched supplement to your existing immune system that can help your defenses stay solid.
Enhance your IT team’s control over devices
As employees become more tech-savvy, many take IT troubleshooting and installations into their own hands. Shadow IT, or the use of IT projects and products outside of, and without the knowledge of, the IT department, is becoming increasingly common in workplaces and poses a critical threat.
Over 80% of employees admit to using shadow IT applications in the office, a critical issue that threatens cybersecurity and poses serious compliance risks. Shadow IT usage includes software, cloud services, or even hardware on a business network, used without the consent or knowledge of your IT department. Bring your own device (BYOD) policies, while cost-saving on hardware, can pose network threats if one of your employees uses a device with a virus on your business networks.
Since internal IT departments by definition do not know about shadow IT usage until it’s too late, it’s impossible to prevent the damage unless you have proper protections in place. Make sure that your WiFi networks are secure and connections are encrypted. Require employees to register any devices they’re using under bring your own device (BYOD) policies, and place admin requirements on company-owned hardware to prevent the installation of shadow applications.
Secure Data In The Cloud
Almost all of what we do over the web is in the cloud with cloud-based servers, email, data storage, applications, and computing. This means communication between the computer hardware that sits in your office and the cloud needs to be secure. With connectivity and the flow of conversation, there are concerns about vulnerability, privacy, and reliability. This has resulted in a need to protect data in the cloud, which has given rise to the need for cloud computing security.
Security for your computers, your network, and your data needs to be optimized for the cloud. Businesses that use public clouds, private clouds, or a hybrid cloud need to protect the exchange of data between them and their associates, clients, and employees.
Your IT department should be proactively involved in developing a cloud security framework, which means creating a strategic framework to control how all operations will take place in the cloud. Be it a public, private, or hybrid cloud, you should be able to manage access, protect data, and more.
Compliance requirements are evolving
As data breaches become more common and companies collect more data as part of their day-to-day business practices, regulations around data protection have evolved. Consumer data is extremely important to business functions, but compliance violations can be costly, both when it comes to financial penalties and damage to your reputation.
The General Data Protection Act (GDPR) and California Consumer Privacy Act (CCPA) are two recent regulations that control how individual data is handled, including how the consent to collect data is given and how data can be used. These regulations, and similar ones in various states and countries, aim to protect data privacy and consumer rights while penalizing misuse of data and negligence that contributes to data breaches.
These regulations also have specific requirements for data breach notification, and financial compensation that must be awarded to each consumer impacted by a data breach. These regulations, therefore, compound the existing high costs of data breaches. Violation can also result in fines, making compliance critical even if you’ve never experienced a breach.
It’s up to the IT department to lead the charge in security and compliance education, as you’re likely to face a major issue if these regulations aren’t followed. It’s absolutely critical that knowledge of these requirements is shared in every department in order to make sure that no data is misused through negligence and that every employee takes ownership over compliance.
Get IT security advice from industry professionals
It isn’t enough to just train your company’s employees on standards and best practices—you should lead by example and seek out education and guidance to improve your organization’s IT security practices. One of the best ways to learn new approaches to IT security and data breach prevention is to consult with other experts and model your security policies after best-in-class organizations.
Whether you’re looking for quick tips, answers to questions, help to solve a specific problem, or a fully detailed learning plan for your IT team to improve security, Experts Exchange can help. With over 1,500 available training sessions and hundreds of thousands of daily users, Experts Exchange is the leading knowledge-sharing and training platform for the IT industry.
We carefully vet each of our certified IT experts to ensure that you’re getting the most informed, up-to-date professional help in a wide variety of topics related not only to security. Improve the way your organization handles implementation, development, and cloud-based technologies with assistance from Experts Exchange.
Translated from: https://www.experts-exchange.com/articles/33952/Leveraging-Understanding-IT-Security.html