How Much Cybersecurity Is Too Much?
The Cost of Efficiency Depends on How Much Cybersecurity is Required.
While the technicalities of cybersecurity are often tricky, some aspects are fairly straightforward. Like pretty much every other aspect of our lives–be it added luggage searches at airports, payment cards and turnstiles in bus terminals, or even just locking the deadbolt on your way to work in the morning–almost every additional security barrier you create around your network and data will make it harder and less convenient for staff and legitimate users to access it. SMS texts and (good) smartphone apps might make some things like multi-factor authentication (MFA) fast and relatively simple, but the added security has nevertheless added both time and inconvenience to the login experience. With ransomware and other dangers on the rise, and a growing array of defenses to choose from, it’s important for businesses to properly balance how much cybersecurity they can deploy with how much inconvenience users will put up with.
As an example, let’s talk a little bit more about MFA. It’s a great tool for securing access to cloud services, but typically only cloud services. There are other considerations beyond limitations and immediate inconvenience as well. Should you require the use of MFA when staff use their office desktops? What kind of authentication is required, biometrics or text, or both? How about email verification and resetting credentials?
So how much cybersecurity do I need?
As is often the case when it comes to cybersecurity, the answer depends on your unique needs. For example, if your machine is locked in your offices, and the building itself is locked behind keycard scanners, forcing staff through MFA just to log in likely isn’t worth what little additional security it provides. But what about the receptionist’s computer in the lobby just inside the front doors that can access staff data? Do you really want to trust defending it from an employee’s cagey ex with just the receptionist’s password? Implementing some kind of MFA process for accessing that computer is likely worth the cost and mild inconvenience.
Of course, all of this assumes such measures aren’t already demanded by relevant regulations and legislation, so in that sense there is one hard-and-fast answer to the question of how much cybersecurity you need, and that’s however much is demanded by PCI-DSS, PIPA, and other laws. However, security measures need to be considered in the totality of each situation. What risks are being mitigated? How likely are they to occur? Any security measure of value almost always comes at a cost, both in implementation and in convenience, and needs to be properly evaluated beforehand.
If you’d like help determining how much cybersecurity is appropriate for your organization, contact TRINUS and we’ll be happy to help out with some stress-free IT.
This week’s Shakespeare quote comes from As You Like It: “He that wants money, means, and content is without three good friends.”
Be kind to one another, courtesy your friendly neighbourhood cyber-man.