critical areas. The third step involves educating managers, employees, customers, and vendors about the stepped-up security measures. “Remember that your users are the weakest link in any security strategy, so put user awareness into play,” she adds.
Companies also should put together a budget for information security, just like they would for functions like sales, marketing and advertising. Carve out a specific percentage of annual revenues to be dedicated to the cause, and use those funds to hire the appropriate personnel and/or outside IT experts, purchase the necessary equipment and enforce network security policies.
Finally, Drolet says, midsized firms need to be realistic about the task at hand. “Everything can’t be fixed at once,” she says, “so prioritize in a way that allows you to hit the most critical areas first, and then expand your security strategy from there.”