CDW LCC (a technology firm) voices its concerns over the fact that many businesses are suffering from “security paralysis”, meaning that they have little resources to devote to cybersecurity, or are simply ignoring security issues until they become problematic.

A five-step process is recommended, with all relevant departments within an organisation being suitably represented:

1) Step 1: identify the information assets of the business.

2) Step 2: Locate the information assets – both physical and online.

3) Step 3: Classify information assets according to levels of security – amount of harm caused if the assets were harmed or altered.

4) Step 4: conduct a threat modelling exercise (yes, this may be time-consuming).

5) Step 5: At the conclusion of the exercise, the business’ assets will be idenfied in terms of risk going from low to high, which allows the business to focus on areas of “high risk” and spend its resources on these risks wisely and cost-effectively.

The full recommendation for security protection is here.