Ben Franklin dished out some pretty good security advice in his day. In fact, he was one of the most well known security professionals of his time. Many of you may realize it was Franklin that coined the saying ‘An ounce of prevention is worth a pound of cure’ but what you might not know is the origin of that phrase. It was actually something you, as a security professional, are very accustomed to – firefighting advice. For the residents of Philadelphia, fires were a huge problem in the 1700’s. If someone lost their home to fire they would often suffer irreversible economic damage. So, in 1736, Franklin organized Philadelphia’s Union Fire Company to respond to fires. Later, in 1752, Franklin also helped to create the Philadelphia Contribution for Insurance Against Loss by Fire. This was fire insurance to protect against a complete economic collapse in the event a home or business was destroyed by fire. We still have fire insurance, and insurance of all kinds, to protect us against loss.

But, what about fire insurance for your network endpoints? What if you experience a breach of your network endpoints and your valuable data is stolen? Would you suffer irreversible economic damage? Would you recover from such an incident and be able to continue with your business? Just like the Philadelphia residents back in the 1700’s, you need to protect your most valuable assets which today, aren’t all that different from back then: your data, intellectual property, brand equity, and good name. Your endpoint “fire insurance” should be more about prevention than anything else. Sure, if you suffer a data loss, and you have implemented appropriate safeguards, you may be protected from the legal “firestorm” that may follow if you can demonstrate compliance. But, your best insurance is prevention. Taking steps to avoid a data loss in the first place is definitely worth a pound of cure.

Interestingly, the Ponemon Institute is proposing an innovative business case for companies to justify information security purchases: a return on prevention. Larry Ponemon recently commented, “Because expenditures must be justified to pass budget approval hurdles, we believe our ‘return on prevention’ model can help make it easier for IT and IT security practitioners to make the business case for acquiring enabling security technologies and related control activities.”
Are you employing ‘an ounce of prevention’ when periodically and consistently reviewing the state of your endpoint security? Even with all the talk about needing to have tighter network security, many organizations could use a little more prevention fire insurance. And it doesn’t have to be that difficult to see some big gains to your endpoint security in a hurry. In many ways, it’s back to the basics. We all tend to rest on our laurels when no breach has occurred for awhile. But, that could result in a costly “fire” that could wipe out our business.

You will learn how to apply another ounce of prevention in our ebook and upcoming webcast series: Endpoint Security Fundamentals. Security expert Mike Rothman, founder and president of Securosis will lead us through the steps of how to make your network endpoints more secure. Forget about technical jargon, Mike will tell you what you need to do right now. He’ll explain how to prioritize your security threats, triage your resources to make necessary improvements, and focus your IT staff on the fundamentals of endpoint security. Join us for this three part series: Fixing the Leaky Buckets (September 8), Leveraging the Right Enforcement Controls (September 22), and Building the Endpoint Security Program (October 6).

Ben Franklin may not have had network endpoints to deal with in his day, but he knew that prevention trumps everything when it comes to securing the things we value. I bet he would have made one heck of a security administrator!