Townsend Security Data Privacy Blog

I can remember visiting a securities trading office while in junior high school as part of a class project to experience the business world. People seemed to be hurrying everywhere; delivering important documents, processing buy and sell orders, urgently getting important people on the phone right away. The pace of business was frantic! But when my teacher asked what impressed me most, I recalled something else.

“No one ever said ‘Thank you’,” I answered. “Does that really matter in the business world,” my teacher inquired. “Yes, it does matter,” I stated emphatically.

All these years later, I’m proud to work in a business where, despite the frantic pace of business and technology, we do take the time to say “thank you.”

For one, saying “thank you” is part of Townsend Security being a great place to work. Hearing from, and saying it to, co-workers contributes to each of us feeling like we are doing important work and that our efforts are appreciated. It makes us feel like individuals, not just employees. But that’s not why we do it.

Saying “thank you” is also part of holding on to great customers. We certainly value the revenue we receive from them, but even more so, we value the relationships we build through time. It’s wonderful that so many of our customers come back year after year and often point to the way they are treated as a reason. Saying “thank you” is a part of great customer service, but that’s not why we do it. 

As we enter into the United Way annual campaign, we see this as another way to say “thank you.” We proudly support this important organization and, through it, the many agencies doing the hard work of caring for, nurturing and empowering those in our communities that most need help. For any of you considering participating as well, we highly encourage it. It is certainly nice to be recognized by the United Way as a contributing business, but that’s not why we do it.

I’m glad I can say that at Townsend Security, we say “thank you” not because it’s mandated or because it is part of an orchestrated profit-motive. We simply say “thank you” because it’s the right thing to do.

I was recently speaking with a technology value added reseller (VAR). When I asked how often he spoke with his customers about data protection, he answered “All the time!” When I pressed for what he actually talked about, he explained, “I talk about the best ways to keep intruders out of their systems.” By this, he was referring to anti-virus software, firewalls and VPNs; not surprisingly, things he had become quite proficient at selling over the last number of years.

“So, what happens when somebody gets in anyway”, I asked. He looked at me with a blank stare. He had only been having part of the full conversation around enterprise data security.

Although keeping individuals, or groups, with malicious intent out of your network is an important part of protecting your data, it is far from being the whole story. Intrusion Prevention is only one of the three legs to the data protection stool. The other two legs are Network Monitoring and Encryption. It takes all three of these to truly protect any company’s data. If any one of them is missing, the stool simply falls over.

Sadly, most companies learn about their own data breaches only after being told by a partner, vendor or customer. A recent study shows that 69% of data breaches could have been detected before any data was lost if proper system logging was in place. Knowing what is going on within your systems is important to tracking, and taking steps to neutralize, malicious activities. A number of solid and affordable solutions are available for security information and event management. These include LogRhythm, Dell SecureWorks, McAfee Enterprise Security Manager and others. You can’t fix what you don’t know about, and if you’re not actively monitoring your systems, you may be blissfully, but dangerously, unaware.

But ultimately, it’s not about “if” someone will get access to your data, but “when” they will. That means it’s vitally important to make sure they only get their hands on useless data when they do. Using NIST-certified AES encryption along with a FIPS 140-2 certified key management system is the best way to avoid costly fines and notification requirements in the case of a data breach. When that data is lost or stolen, correctly implemented encryption assures that it is nothing more than a bunch of random 1’s and 0’s. Townsend Security’s Alliance Key Manager is an affordable and reliable solution for your customer’s needs in this area.

If you sold your customer a firewall and anti-virus software, but they still experienced a data breach, would they thank you for what you did, or be upset you didn’t do more? I’m guessing the latter.

So the next time you talk to your customer about data protection, remember to have the whole conversation. Make sure you include all three legs of the data protection tool: Network Monitoring, Encryption AND Intrusion Prevention.