Print
Category: News

Washington, DC - “Sound data security is a process, not a checklist.” We’ve all heard that slogan – and with good reason. The way that sensitive information moves into, through, and out of your company’s networks or the software products you develop is ever-evolving. So, too, are the risks that hackers and data thieves pose as they adapt to the countermeasures you take to foil their efforts. Approaching data security with a one-and-done attitude ignores the here-and-now realities you face. That’s why Start with Security recommends that companies put procedures in place to keep your security current and address vulnerabilities that may arise.

A look at FTC law enforcement actions, closed investigations, and the experiences that businesses have shared with us demonstrates the wisdom of that advice. These examples illustrate why you should keep your security up to date and respond quickly to credible threats.

Update and patch software.

Sometimes companies learn that their networks – or third-party software installed on their networks – are vulnerable to a new form of threat. If that’s the case, find out what the experts recommend and act accordingly.

In other instances, a company determines that its own products already in consumers’ hands possess a vulnerability to an existing or new threat. In that instance, take steps to correct the problem with an update or a patch and move quickly to let customers know about remedial steps they should take.

Plan how you will deliver security updates for your product’s software.

No matter how secure you believe your product to be, software vulnerabilities may be discovered in the future. Security-savvy companies have a plan in place to issue timely security updates. The method will depend on the nature of the product, but it’s wise to build those contingencies in before you go to market.

Heed credible security warnings and move quickly to fix the problem.

On the subject of security, there’s a lot of cross-talk among tech experts, researchers, government agencies, industry pros, and consumers. With a wealth of expertise out there, it’s wise to keep your ear to the ground when the topic turns to emerging risks and potential vulnerabilities. Pay attention when you get wind of security warnings that could affect your network or your product. Also, if experts are trying to reach your company to sound a particular alarm, will their messages get to the right people quickly?

The lesson for companies committed to sticking with security is to create channels in advance to receive and send critical information about potential vulnerabilities. Move quickly to implement appropriate security remedies.