One of the challenges in putting in place decent electronic security for clients is the three-way trade-off between cost, amount of security and inconvenience.
Quite often clients assume that because their machines have “Windows Firewall” (they know this because they’ve seen it pop up with warnings at some point in the past), they are protected.
So persuading them that additional protection ought to be in place has several hurdles to clear.
In day to day life, things tend to get better. Not so for internet safety.
- A new car now is a better thing than a new car 10 years ago. It’s faster, safer, less thirsty etc.
- A new washing machine is better than the ones that were on sale in the 80s etc.
However, the internet is less safe now than it was 5 years ago.
Not only are businesses ever more reliant on the internet – but with the advent of ransomware there’s a lot of money to be made by criminals.
The “I Love You” virus in 2000 was massively inconvenient, but there wasn’t very much lasting damage.
Compare that with the ruinous effect of WannaCry ransomware in the last couple of years and it’s clear that the huge benefits of the internet to businesses have to be tempered with an acceptance that there are also additional risks that simply didn’t exist a few years ago.
We should be trying to educate customers about the electronic risks that they are running in their businesses and offering possible solutions to those risks.
Once a customer has a proper understanding of where they are and what their options are, then the decision to put in place more security (or not) is up to them. The main point is that they have been able to make an informed decision.
We find that talking about security in terms of products, technical detail or anything that involves acronyms is not a helpful way to get them to that “informed decision” point. Sometimes you can literally see their eyes glaze over when you’re talking tech.
So, the main way we try to have this conversation is to use similes, metaphors and the like.
One of the ones we’ve found useful is the “Castle Walls & MarketPlace”.
When businesses were only lightly connected to the internet, it was possible to have strong perimeter security, like a “Castle Wall”.
The handful of entrances / exits are closely guarded and watched. This model has hard & well defined rules about what traffic can come in / go out of a business’ network.
HOWEVER, in recent years this approach has needed more and more “castle” entrances / exits to be created with every new technology.
Guest WiFi, BYOD, home working, email on phones, cloud services, SaaS, CCTV systems, remote support from vendors, antispam systems etc etc all need to have their own entrance to the network.
There are now so many entrances and exits – that it’s hard to see much of the tall castle walls at all.
What we really have is more like a street market, with all sorts of “people” wandering in and amongst the stalls.
Defending against a threat in that environment needs a very different security approach.
It’s got to be multi-layered, overlapping, flexible and extendable to wherever your users / data might be, and it will need constant updates, constant monitoring and constant improvements to ensure that things stay safe.
We think that when customers realise that the “Castle Walls” model is no longer fit for purpose and that “MarketPlace” is actually where they are now anyway – then they’ll also realise that a single static firewall is not going to give them the protection it once did and that they need a better solution.