Iron Man’s Guide to IT Security

June 27, 2012

With June almost over and summer just starting, we know that securing your business information technology (IT) isn’t the first thing on your mind. But there is a guy we thought might get your attention. He combines technical expertise with killer style, a guy of lethal wit and charm to match.

We’re talking about everyone’s favorite genius/billionaire/playboy philanthropist: Iron Man. He just happened to be in the neighborhood this past month filming his latest movie. So in his honor, here are 5 tips borrowed from the hero’s story for making your security super.

1. Be right before you’re arrogant.

If you’re going to have an ego on par with Tony Stark’s, you’d better have the record to back it up. He didn’t win those awards and become the darling of the military-industrial complex based solely on his personality. Even with the Iron Man suit, he did the testing to make sure his equipment was up to the task before showing it off to the world.

So when it comes to your IT, make sure you can walk the walk before you talk the talk. Don’t depend on luck or a belief that certain platforms don’t get viruses. Perform an audit of your business IT to determine potential security flaws. Check out this checklist for advice on getting started, or contact a qualified firm in your area to lead you through the process.

Make sure your system can live up to high expectations, which leads us to point two ....

2. Plan for emergencies before you get shot in the chest.

A network interruption can have all the subtlety of a bomb. One minute everything’s going great, the next: bam! Suddenly your users aren’t able to access their email or get documents they’ve stored remotely. Productivity life signs are down, and you find yourself turning to old tools just to get by (quick, find that carbon paper!).

Faced with that kind of challenge, Tony Stark built himself a complete artificial heart. Of course, as we said before, he’s a genius (and, er, fictional). If you don’t happen to have him or a clone on staff, we’d suggest you bank on the idea that your system will experience problems. Develop a plan for dealing with outages (whether natural or man-made) and for the steps you’ll need to take to recover. If you want some superhero-level help, consider a managed services or security partner.

Getting cocky? Wait, there’s still more to consider ....

3. Your biggest threats could be on the inside.

It can be exciting to thwart the schemes of gunmen and thugs, or keep those malicious hackers at bay. Yet the greatest problems might come from your system’s legitimate users. Insider threats, whether intentional or accidental, are always a risk to your business and especially any proprietary digital property (like the plans to a really cool flying suit). At the annual DEF CON Hacking Conference, social engineers test security measures by attempting to get companies to reveal sensitive information in a hacker’s version of capture the flag. Last year all 14 targets were penetrated.

Just what can you do about friendly fire (or lasers)? Make sure users don’t have higher security privileges than they need. Lock down certain systems and maintain an activity log. Again, consider contracting with a security partner who can monitor the system 24/7.

But don’t go nuclear on your users; you’re going to need them ....

4. Get a little help from your friends.

How does Iron Man manage to save the world and score an awesome social life? Great help. Hey, the man himself admitted he could only survive a week without his trusty assistant Pepper Potts, and there was only one person he trusted to help put his heart back in place (literally). While he’s often seen as a solo fighter, Stark actually has a rather large team of people he can draw on to get the job done.

The takeaway? Don’t treat your employees like parasites: enlist them as partners in your fight. Train your system’s users to recognize phishing scams. Encourage open channels of communication with your security team to make sure problems are reported and dealt with before they get too big. Develop guidelines based on sound security practices and user input for better compliance.

Still, even the best of teams can goof up. That’s why there’s one last thing to remember ....

5. Fessing up is the cool thing to do.

Sometimes things just happen. You’re running a successful business, and suddenly find a serious problem that exposes confidential information to the public. You’re doing all you can for your customers, but security flaws botch a whole slew of orders. You try to save the world, and your arch enemy uses your own weapons against you in a fiery battle to the death (what, you never faced that last challenge?).

Regardless of what the world throws at your business IT, there’s bound to be collateral damage at times. You might be tempted to hide the extent of the damage, but it’s at times like these that a true hero steps forward and admits the truth. Public disclosure of an IT security incident encourages trust from your customers and employees and allows you to set the record straight on how you’ve handled the problem.

Bottom line: your IT security might not be as sexy as Iron Man’s, but it can be just as effective in making your business a safer place to work.