© 2022 CyberNews - Latest tech news, product reviews, and analyses.

Darren Gallop, Securicy: “educating your remote workers is key to protecting your business”


The pandemic quickly brought a worrying realization: as much as employees can be your first line of defense, they might also unknowingly open doors for attackers. And that is only one of many new challenges presented by the global shift to remote work.

As much as companies worldwide try to adopt the best cybersecurity practices, the field itself might be intimidating for someone not familiar with the appropriate digital hygiene. You would want to find the ultimate balance between cost and value, understand your weak points, and learn about the current regulations. Thankfully, there are businesses specializing in guiding you through this process, such as Securicy, an information security management platform.

We sat down with Darren Gallop, CEO and co-founder of Securicy, to talk about Securicy’s journey to becoming companies’ best friend for meeting the highest cybersecurity standards.

Since your start just a few years ago, Securicy has grown exponentially. Can you tell us about your journey?

Like many founders, we created our company to solve a problem we had experienced ourselves. At our last start-up, we lost a six-figure deal because we couldn't prove a strong security posture. Our prospect handed us a vendor security questionnaire that we just couldn't answer, and it took us out of the running - it didn't matter that our product solved their needs.

Beyond the incredible frustration we felt around losing the deal, we realized that we hadn't given information security the attention it really deserved. And we also realized we weren't alone - a lot of start-ups that target enterprises treat security as an afterthought rather than part of their DNA.

We built Securicy to help other companies build, manage, and sustain a program that can meet the security and privacy expectations of their enterprise customers. We believe that a strong security posture is directly linked to your ability to close deals with enterprise customers.

You take great pride in your security management platform. Can you briefly explain how this tool works?

Our platform is designed to help companies better understand and meet the security and privacy expectations of customers, auditors, and regulators. The platform helps co-founders and CTOs break down complicated security standards and regulations like SOC 2, HIPAA, ISO 27001, PCI DSS, etc. into actionable tasks, helps them identify security controls relevant to them (and which are not), automates time-consuming and manual tasks to save time and effort, and then helps ensure everything is in place so that they can sustain that security posture over time.

For companies that need additional help moving their program forward or deciphering some of the requirements, we have a dedicated team of security experts available to our Premium customers who can help keep the program on track, answer questions, conduct risk assessments and vulnerability scans, and manage an external auditor. In both cases, you'll get a platform that effectively shows you the gaps in your security, how to shore them up, and what it takes to continuously maintain your security posture over time. Security is a continuous process, not a one-time event, and our platform is designed to support that, even if you don't have dedicated security personnel.

How did the pandemic change how organizations approach information security? Were there any new features added to your services as a result?

Perhaps the biggest challenge for information security was the sudden emergence of an all-remote team, particularly for organizations that had never planned on operating that way. That added challenges like how to remain secure with a fully remote team, reviewing and reinforcing security policies, and considerations about how organizations can respond as a team in case of an incident. In response, we developed a robust business continuity and disaster recovery planning tool to help our customers make it through the various challenges the pandemic presented. We are also in the process of releasing much more robust security awareness training, which is particularly critical in an all-remote environment.

How can companies make sure that the vendors they choose measure up to security standards?

With the influx of cyberattacks on third-party vendors and software publishers, more companies have realized that they can't just worry about their own security but also that of the vendors they choose to work with. There are several ways to validate a vendor's security posture. For example, you can obtain proven compliance with an established security or privacy standard or regulation such as SOC 2 or ISO 27001; you can ask for a third-party attestation of their security posture, or you can have them fill out a security questionnaire that outlines key elements of their posture. In fact, Salesforce and Google just collaborated on an industry-standard questionnaire called the "Minimum Viable Security Product" or MVSP that we expect a number of companies will start to pick up as their standard.

With remote work becoming the new normal, what are the security risks that might come up in the process?

Remote work presents some unique challenges to your security team. It's not possible to secure a person's home network in the same way you would a business office: you don't have control of who is coming and going, you don't have the same security precautions around their network, etc. You may also have a higher incidence of employees that spend a few hours working at a cafe or the library working off of public wifi, which is especially vulnerable to bad actors.

Other risks could be not knowing who actually has access to the work computer and if unauthorized or risky software is being downloaded on it.

The reality is that even in the best of times, your employees are your best defense. But they can also be a threat actor's entry point as well. When your employees are taken out of their normal working environment, they may be less likely to follow the same safety precautions that are second nature in the office. Ultimately, educating your remote workers is key to protecting them and your business from bad actors. We actually have a whole blog post dedicated to working securely while working remotely.

Even though cyberattacks are on the rise, certain companies take action only after an incident occurs. Why do you think organizations struggle to keep up with proper digital security practices?

The reality is that for many businesses, selling their service or product is paramount, especially with earlier-stage companies trying to capture their first big deal from an enterprise. Security is often an afterthought. The thinking often is some variation of this: "well, if we don't focus on sales, there won't be a company to protect anyway."

But the truth is that once you have been breached, you lose not only money but the trust of your vendors and customers, which can do serious damage to your reputation. Not only that, but if you are found to be non-compliant with industry frameworks, you can also face serious fines, which is just as damaging.

To be credible to your target prospect these days, you have to bake security into the DNA of your organization. And the really savvy company recognizes that they can actually take a strong security posture and turn it into a differentiator, particularly when selling into regulated industries, enterprises, or the government.

In your opinion, what security measures should be essential for companies nowadays?

Start investing in security as a meaningful ongoing program with budget and authority. There are some obvious tools and practices that make a big difference - clearly outlined security policies that employees sign off on, an incident response plan, implementing multi-factor authentication by default, and security awareness training are just a few. Understand what kind of sensitive data you hold and put security controls around how it's stored and accessed. If you want a more comprehensive place to start, take a look at the Minimum Viable Secure Product framework or some of the security frameworks like SOC 2 and ISO 27001 - even if you don't choose to adopt them, they'll give you a starting point.

And finally, what's next for Securicy?

We're learning every day how to make security and privacy easier for our customers. So we have a lot of things in the hopper on the product side - new frameworks we support, the technology we're integrating, features, and services that we offer. We aim to be a comprehensive security partner for our customers, and our focus is not just on keeping on top of the ever-evolving security market but also on how to make security less scary and more accessible for companies that already have too many priorities.

In short, it's an exciting time for us - stay tuned, and you'll see a lot of changes in the coming months!
