Security

How to get security right in digital transformation: 10 best practices

Involving security leaders from the start and raising accountability are some of the steps companies can take to improve digital security, according to a PwC report.

As the business world embraces digital transformation, it is simultaneously embracing the power of data and its impact on employees, end users, and customers. However, many organizations are seeking to leverage data without understanding its full implications, putting their company at risk in the process.

SEE: Digital transformation in 2019: A business leader's guide to future challenges and opportunities (Tech Pro Research)

A recent PricewaterhouseCoopers (PwC) report sought to examine the current state of the enterprise in regard to issues like cybersecurity, privacy, and digital trust. The report found some key trends that can help business leaders stay safe in the digital age.

Here are 10 areas where companies can improve their processes and workflows to boost the security of their organization when undergoing digital transformation.

1. Engage security experts at the start of digital transformations

Risk management should be considered at the onset of a digital transformation project, the report said. Companies should involve security leaders from the start, and network with their peers to understand their experiences as well.

2. Upgrade your talent and leadership team

Only about 39% of the 3,000 people surveyed by PwC said they had the proper amount of people in leadership to address cybersecurity. Adding roles like chief information security officer (CISO), chief security officer, chief privacy officer, and more can give your organization a better security stance from the start.

3. Raise workforce awareness and accountability

A mere 34% of those surveyed said they had an employee security awareness training program in place. IT should work to establish the proper policies around security and privacy, while also raising awareness among employees, the report suggested.

4. Improve communications and engagement with the board of directors

A little more than a quarter of respondents said they were confident their board was getting the right data and metrics on their security and privacy initiatives. Knowing the proper measurements and their business impact, and taking steps to improve board-level communication, can set your business up for success.

5. Tie security to business goals

Cybersecurity should be embedded into new products, and plans around security and privacy should be refreshed as needed, the report said. Performing the proper assessments also gives you a better baseline of what needs to be done to remain secure.

6. Build lasting trust around data

Businesses should create data governance programs to help leaders understand where critical data lives and how it impacts the business, the report said. Risk should also be managed for the entire data lifecycle, not just key parts.

7. Boost cyber resilience

"Cyber resilience includes the agility of both defense and recovery capabilities," the report said. "Resilient systems help companies to sustain operations when possible amid cyberattacks, and to rapidly recover in the event of disruption." As such, companies should build resilience into their security strategy.

8. Know thy enemies

Cyberthreats will vary depending on the industry you're in, the report said. Companies should use threat intelligence and insider threat programs to understand and prepare for the most likely security scenarios they could encounter.

9. Be proactive in compliance

Businesses should pursue an integrated approach to compliance, and stay on top of new laws and regulations that could affect their data, so they don't find themselves behind the eight ball, the report noted.

10. Keep pace with emerging technology

"Explosive growth in technology and data over the next decade will obliterate barriers between cyber, physical, and virtual worlds, ratcheting up the complexity and scale of cyber and privacy risk management worldwide," the report said. Leaders need to understand emerging technologies including the Internet of Things (IoT) and Artificial Intelligence (AI) and their potential impact on security and operations, pursuing security in approaches to these technologies from the get-go.

Also see

digitalsecurity.jpg
Image: iStockphoto/metamorworks

About Conner Forrest

Conner Forrest is a Senior Editor for TechRepublic. He covers enterprise technology and is interested in the convergence of tech and culture.

Editor's Picks

Free Newsletters, In your Inbox