How secure is your web environment? You know, your business’ marketing website, your customer-facing web applications, your internal financials application, the various cloud services that process and store business assets, and so on. Many business executives don’t have the slightest idea about the security of these critical business systems. They view this as a technical problem that technical people will take care of. When running a business, you can’t afford to be disconnected from web security in this way.

Practically every business today is fully reliant on IT. When IT-related threats emerge, business transactions stop. Most IT environments are running on web-based applications. The reality we’re seeing unfold every day is that many of these web-based business systems have untold security flaws that are waiting to be exploited by someone else for ill-gotten gains.

You cannot secure what you don’t acknowledge.

Many executives are caught off guard by how much their business relies on web applications for core business processes. One overlooked technical vulnerability or one operational weakness in the IT infrastructure can bring these key systems to a halt. You don’t have to know the details of your web applications, but you should know where things stand when it comes to their security.

Certain people believe that out of sight, out of mind is the ideal state in which to run their businesses. You can’t afford to do that in today’s regulated and litigious business environment. You must ensure that your business systems are getting the attention they deserve. Similar business functions involving legal, HR, and financial matters are addressed at an executive level every day. Why not IT and web security? They should be no different if the business is to be at its best.

Web security has a lot of moving parts and is in a constant state of change. Hold your IT staff accountable. Make sure your network administrators, security managers, auditors, and those involved in the software development process are not only carrying their weight technically but also keeping you informed on where things stand. Trust, but verify.

Perhaps most importantly, make sure you’re giving the people involved with web security the budget and the political support they need to get things done. The real risk is not necessarily the complexity of the threat that your business faces but rather the complexity of your own business, people, and web environments. Someone has to be in charge. Make sure you’re kept in the loop.

Kevin Beaver

Kevin Beaver, CISSP, is an independent information security consultant, writer, and professional speaker with Atlanta, GA-based Principle Logic, LLC. With over 32 years in IT and 26 years in security, Kevin specializes in vulnerability and penetration testing, security program reviews, and virtual CISO consulting work to help businesses uncheck the boxes that keep creating a false sense of security.