Strengthen business IT security with best practices for 360° security

During the 2024 Bitwarden Open Source Security Summit, Chris Clai, director of information security at GTI Grows, shared four key recommendations for creating an approachable IT security team: accessibility, encouragement, education, and collaboration.

These values are beneficial enough for most organizations to get behind and are especially useful for businesses operating in a geographically distributed environment. In some cases, they can also be fostered through specific technologies such as password manager. Quick and easy to set up, Bitwarden Password Manager enables companies to collaborate more securely. Its accessible environment — cross-platform access for mobile, browser, and desktop apps and supported in over 50 languages — also lends itself to overall business accessibility. 

Read on for more insights on how to create an approachable and effective IT security team.

“Engage the business where they are,” said Clai. “You want to understand the priorities and goals of your organization. What is the tone from the top? How are teams engaging with each other? When your message comes down, it should align with that of the business as best as possible to ensure there is one voice coming from the organization.”

Clai expanded on his recommendation, emphasizing the importance of correlating an overall business goal with business IT security. He also said businesses should find opportunities to fit security into the business mission. 

“Make sure the team understands that security is part of the organization’s culture, like everything else. Putting it front and center means you will be able to maintain a more secure environment.” - Chris Clai

In creating his team, Clai focused on four key components. 

1. The first is accessibility. Organizations should offer multiple avenues for contacting the IT security team, ideally allowing people to remain anonymous. “Ensuring you provide an anonymous path can be critical to getting the information you need,” said Clai. “Reducing friction is critical to ensuring your team is approachable.”

“Establishing an approachable team is going to make or break your ability to be successful in a business.” - Chris Clai. 

2. The second component is encouragement. Maintaining an empathetic and supportive tone is critical since information security professionals are often perceived as ready to say “no.” 

“If someone doesn’t understand something, support them. Be encouraging to them. Do whatever you can to help them understand, and don’t be judgmental about it.”

3. This leads to the third component, which is education. Avoid blame or finger-pointing and focus on the main takeaways. 

“If someone is blaming themselves, try to discourage that,” said Clai. “Try to let them know that this can happen to anyone - and it really can - and that it’s OK. We’re all in this together. Fostering this environment will create a continuous feedback loop and help guarantee people are comfortable reaching out to you.”

4. The last component is collaboration. According to Clai, information security professionals should aim to collaborate across the business on projects or when introducing policies or governance. This will create a group of cybersecurity champions who can attest to the information security team’s competent and supportive environment. 

One way to foster a security-minded culture is to share neutral resources and guidance as often as possible. For example, even if a company has a BYOD policy, it’s worth sharing that Apple just came out with a recent zero-day fix and that employees should update their phones. Emphasize why something like this is important even if they don’t have business resources on their phones because it aids in overall security preparedness. This builds credibility with employees and ensures they will reach out to the information security team in a time of need.

“When we’re engaging with people for business security awareness, there are three key things we want to do,” said Clai. “The first is to relate business security to personal security. There are very few things in our business world that do not translate in some way, shape, or form to someone’s personal life. 

Making sure employees use strong passwords or password managers like Bitwarden is critical for them to be secure at home and at work.”

Finally, Clai strongly recommends information security teams steer clear of a fear-mongering approach. 

“Fear, uncertainty, and doubt are one of the biggest deterrents to effective communication,” said Clai. “Avoid those as much as possible and focus on what the end user needs to understand. Focus on what the business needs to understand. How does this impact them? What is the challenge they need to overcome? How do we need to move forward from here to ensure employees remain secure?”

Protecting critical data is essential for the survival and success of businesses. Implementing robust access controls, encrypting sensitive data, and regularly backing up critical data are fundamental practices. It’s also crucial to ensure that employees understand the importance of data protection and follow best practices for handling sensitive data, such as using an enterprise-wide password manager for protecting and sharing passwords. By safeguarding critical data, businesses can prevent data breaches, maintain customer trust, and ensure the continuity of their operations. 

Employee education and training are essential for businesses to prevent cyber threats. Employees are often the weakest link in a company’s cybersecurity defenses, so they must be educated on best practices for internet usage, password management, and recognizing phishing and social engineering attempts.By investing in continuous education and training, businesses can create a vigilant workforce capable of defending against cyber threats.

Educating employees on these practices is part of a comprehensive cybersecurity strategy. Employees should also be trained how to use strong passwords and protect sensitive data. By promoting a culture of cybersecurity awareness, businesses can reduce the risk of cyber threats and ensure the security of their business data. Continuous education and training help create a vigilant and informed workforce ready to tackle cybersecurity challenges.

Securing networks and internet connections is critical for organizations to protect sensitive business data. Using strong passwords and multi-factor authentication is essential to safeguard networks from potential breaches. To further secure their internet connection, businesses can utilize a virtual private network (VPN) to encrypt their internet traffic, ensuring that sensitive information remains protected. Keeping the operating system and software up-to-date with the latest security patches is also vital to close any security gaps. 

Cybersecurity is not only a technical issue but a critical business concern. Protecting sensitive data is paramount to prevent financial losses and maintain customer trust. A cybersecurity breach can lead to devastating consequences, including reputational damage, loss of customer confidence, and even business closure. Corporations are often targeted by cybercriminals due to their perceived value and vulnerability, making it essential to prioritize cybersecurity. By implementing robust cybersecurity measures like password management and multifactor authentication, businesses can safeguard their data, prevent cyber threats, and ensure operation continuity.

Cybersecurity is a critical aspect of business operations, and teams must take proactive steps to protect their business. By understanding cybersecurity risks, securing networks and internet connections, educating and training employees, and having an incident response plan in place, businesses can minimize the risk of cyber threats and protect their critical data.

Businesses must also stay up-to-date with the latest cybersecurity threats and trends, and regularly review and update their cybersecurity measures to ensure they are effective. By taking these steps, businesses can protect their reputation, customer trust, and bottom line.

Get started securing your business today with a teams or enterprise trial or sign up for a free individual account.