• Clark: Seven ways to increase your organization's security

    In today’s rapidly evolving business landscape, security is more than just a safeguard. It’s a critical function that supports the success and longevity of the business.
    Oct. 28, 2024
    4 min read
    91427646 | Robert Crum | Dreamstime.com
    671a4c6b2d447c1aeb5a0cd5 Dreamstime L 91427646

    Today, every fleet, just like every business, must address security threats, which seem to keep growing at a seemingly exponential rate. Increasingly, security plays a pivotal role, serving as the foundation for safeguarding assets, ensuring compliance, and protecting customers and shareholders.

    As businesses evolve, so does the role of security. A company's success can be greatly influenced by a mature security program that builds customer trust, ensures regulatory compliance, and mitigates risks. That’s why implementing best practices for building and maintaining an effective security framework is essential.

    At a recent NationaLease meeting, Derek Saunders, AVP of security at Geotab, a leader in connected transportation solutions, addressed this issue and discussed steps businesses can take to protect their assets, customers, vendors, and reputation.

    Saunders noted that many businesses do not have the necessary talent to provide real security on their own. That’s when companies should turn to third-party security experts to help mitigate any security threats that may arise.

    Security best practices for your business

    1. Engage security early in business decisions

    Involve the security team early in business decisions and application development. Waiting until the last minute to integrate security into projects can lead to vulnerabilities and costly retrofits. Companies can create more secure solutions from the ground up by embedding security into the initial stages of product development, infrastructure planning, and business strategies. Involving security professionals early also ensures that business decisions align with the organization’s risk appetite and contractual obligations.

    2. Implement security in depth

    The concept of "security in depth" refers to the use of multiple layers of defense to protect an organization from potential threats. It acknowledges that no single security measure can safeguard all systems or data. A well-rounded security approach should include a variety of techniques, such as firewalls, intrusion detection systems, encryption, access control, and employee training. By creating layers of defense, a breach in one area is less likely to lead to complete exposure or compromise. Whether your business is small or large, implementing security in depth is essential for preventing unauthorized access and ensuring data integrity.

    3. Adopt and align with industry standards

    Every business operates within a unique regulatory and industry-specific framework. It’s important to identify a security standard that your customers acknowledge and require and base your security controls upon that standard. Aligning with a recognized security standard makes it easier to eventually move toward formal certification, which not only provides external validation of your security practices but also builds trust with customers and stakeholders.

    See also: Safety, security systems make this fleet safer

    4. Build a dynamic and balanced security team

    A strong security team is composed of diverse skills, from technical expertise to people management to business knowledge. A well-rounded team is crucial for managing cybersecurity's complex and evolving challenges. A balanced team might include experts in areas such as compliance, incident response, threat analysis, and business continuity. People management skills are equally important in fostering a security-conscious culture within the organization, as are communication skills to explain security risks to executives by illustrating how security policies align with overall business objectives.

    5. Risk management: identification, mitigation, and escalation

    The primary role of security is to identify, mitigate, and escalate risks. However, third-party security professionals are not responsible for assuming those risks. That responsibility lies with executive management, who must make informed decisions about which risks to accept and which to avoid. Security teams provide the necessary information and insights to help executives make these decisions.

    6. Handle ‘red tape’ issues

    In some cases, businesses may require additional layers of security or regulatory compliance, often referred to as ‘red tape.’ Saunders notes that security teams should not hesitate to offer these services when needed. However, security should also strive to provide paths of least resistance for businesses that don’t require such stringent measures. Offering a flexible approach ensures that security is seen as a business enabler, not an obstacle.

    7. Maintain data flow diagrams

    Data flow diagrams are essential tools for understanding how information moves within a system. They help identify potential vulnerabilities and ensure that all data is adequately protected throughout its life cycle. Regularly updating and maintaining these diagrams ensures that security teams have a clear picture of data pathways, enabling them to spot any weak points or areas that need additional security measures.

    A critical function for business

    Saunders emphasized that security is more than just a safeguard in today’s rapidly evolving business landscape. It’s a critical function that supports the success and longevity of the business. Engaging security early is a key step. Ultimately, prioritizing security fosters trust, protects assets, and positions businesses to thrive in an increasingly digital world.

    About the Author

    Jane Clark

    Senior VP of Operations

    Jane Clark is the senior vice president of operations for NationaLease. Prior to joining NationaLease, Jane served as the area vice president for Randstad, one of the nation’s largest recruitment agencies, and before that, she served in management posts with QPS Companies, Pro Staff, and Manpower, Inc.

    Voice your opinion!

    To join the conversation, and become an exclusive member of FleetOwner, create an account today!

    Sign up for our free eNewsletters

    Latest from IdeaXchange

    377258485 | Siwakorn Klomwinyarn | Dreamstime.com
    KPIs and fleet maintenance
    Each fleet is going to set different KPIs around key metrics once it evaluates the effectiveness of its PM program. Reduce the number of vehicles being taken out of service during...
    Tatsiana Kuryanovich | Dreamstime
    Data only delivers value when it leads to action. Consider these steps to turn your fleet's insights into operational improvements.
    Little changes can make big differences. Here are ways to turn your fleet's data into real-world efficiencies that boost your bottom line and maximize your equipment.
    ID 24517292 © Dreammasterphotographer | Dreamstime.com
    continuity during an outage concept
    Do you have a business continuity plan in place? Every hour counts in trucking. Being prepared for disaster recovery can be the difference between keeping customers and losing...