Gartner: IT spending to grow

IT security needs to become one of the most important areas of focus for modern businesses, especially given the growth of malicious threats. Failure to ensure appropriate security could lead businesses to face data breaches and other cyber attacks.

In a new study, research organisation Gartner has detailed the growth of IT security spending. The primary reason, according to the organisation, is that companies are growing an awareness of threats.

Gartner predicts that spending will reach US$71.1 billion 2014, representing an increase of 7.9 per cent over 2013. Within this sector, data loss prevention is expected to record the fastest growth.

Failure to ensure security

Enterprises are no-doubt well aware of the risks of ignoring security, with data breaches and cyber attacks a common outcome. In many cases, businesses can be significantly set back, with damage to both reputation and finances.

While finances can be recovered, businesses may struggle to regain the trust of employees, leading to significant problems further down the line.

The Nexus of Forces

"[The Nexus of Forces is] creating new opportunities to improve effectiveness, particularly as a result of better understanding security threats by using contextual information and other security intelligence," said Gartner  Research Director Lawrence Pingree.

"This has led to increased awareness among organisations that would have traditionally treated security as an IT function and a cost centre."

This Nexus of Forces is essentially mobile, cloud and social technologies, which Gartner often group together when referring to growth.

Considering training

Growth in security threats should serve as a reminder of the value of IT security training. Courses handling SABSA, TOGAF and CISSP should be considered in order to effectively secure an organisation over the next few years.

Failure to put security measures in place could result in financial damage and reputation issues.

The necessity of security, risk and enterprise courses

Security within the IT sector needs to become a paramount consideration for businesses, especially given the substantial number of data breaches announced on a regular basis. These cyber attacks have the potential to cause significant financial and reputational damage to an organisation.

As such, IT security courses should become a priority for all levels of the organisation. Here are several training courses which enterprises need to consider to ensure effective security.

TOGAF

A number of organisations use TOGAF to improve business efficiency, and it can be an extremely useful framework when it comes to security as well. Using such a methodology for security can help enterprises to identify areas that are lacking within the IT structure.

TOGAF training takes users through realistic enterprise scenarios and provides enough information for users to gain certification.

SABSA Foundation

This is the most successful security architecture in the world, and can be extremely useful when it comes to best practice security solutions. By utilising SABSA, the security needs of an organisation are met in full, and ongoing support becomes substantially easier.

SABSA Advanced A1: Risk, Assurance & Governance is designed for security professionals, and can assist them in developing advanced competency in regards to business risk, assurance and governance structures. The skills gained here can be deployed in a number of situations.

CISSP

Another exceptional security qualification, CISSP is based on the Common Body of Knowledge, which itself compromises 10 subject domains. These are compiled and maintained through a substantial peer review process which is managed by experts within the field.

The wealth of knowledge here can be vital when approaching new security issues within the organisation, as it can establish a strong framework for a combination of problems.

It's important to understand the importance of proper training, frameworks and knowledge bases when dealing with cyber security.

Often, systems are more secure and ongoing maintenance is a more manageable process.

Mobile market heading towards fragmentation

Enterprises cannot deny the value of mobile technologies, especially given the advancements in capability over recent years. With smartphones and tablets organisations can see a far higher degree of collaboration between departments, and improved communication at all levels.

A new report from the International Data Corporation (IDC) has explained that, due to a differing number of uses, market fragmentation is on the way for the Asia/Pacific region.

Before going ahead with a mobile strategy, it could be a good idea to consider the value of organisational IT security training. This can ensure that when new mobile technologies are implemented, there's no risk of security issues.

Mobile use cases

Like other types of technology, mobile is broad term with a number of possible uses. Many businesses may seek to use tablets for internal meetings, while others might rely on smartphones to video conference from different locations. This, combined with further mobile investments, is causing market fragmentation.

Incoming fragmentation

A recent survey by the IDC found that on average, 70 per cent of respondents had mobility initiatives in place within organisations. Initiatives typically focus on furthering traditional business goals such as communication and workflow.

While mobility may have been seen as an optional consideration in the past, it's now a vital aspect of operations.

"Enterprises across the region are realising it's no longer a question of why, but a question of how when it comes to mobility adoption in their organisations," says Ian Song, a research manager at the IDC.

"With the growing momentum of the trend of Bring Your Own Devices (BYOD), companies can no longer ignore mobile devices in the workplace."

Understanding the value

While some organisations understand the need for mobility, many more are failing to grasp the value of strong mobile integration. Mobile strategies that are correctly integrated offer a number of operational benefits.

In most cases, business growth can be driven as traditional communication barriers are removed. Of course, companies need to consider how new technology implementations can impact security and other areas of the organisation.

Are your wireless networks at risk?

As the speed and reliability of wireless technology has increased, so too has business reliance on virtual networks and wireless connection tools. 

Today, many organisations are specifically investing in smart devices for their workforce, so that employees can remain connected and collaborative at all times while on the job. 

However, while wireless networks can offer a number of benefits in terms of improved mobility, greater productivity and streamlined collaboration, they can also create new cybersecurity risks. 

Modern cybercriminals are more advanced and sophisticated than ever before, and often look to target inadequately secured wireless networks when attempting to access confidential data. 

Wireless networks without the proper level of access protection can also leave your business open to internal threats, such as employees who may utilise the network in an insecure way. 

With such a wide variety of wireless network threats out there – from spyware to DDoS attacks, viruses, worms and trojans – it can be difficult for those without proper security education to achieve comprehensive network security. 

Fortunately, there are IT security training courses available that are specifically designed to provide information and advice about securing wireless networks in order to minimise the chance of a breach. 

A wireless network security in-house presentation could be the perfect option for you business, as it will ensure all relevant network users understand the variety of threats present when using a wireless network. 

Such a presentation encompasses a wide variety of wireless and mobile network options, including WPANs, WLANs and Bluetooth, and can be catered to the unique needs and requirements of your organisation. 

Due to the in-depth, practical nature of this course, participants will have full confidence in their ability to access and utilise networks in a safe and productive manner. And because they will have access to a trained and experienced tutor, any questions or concerns they may have will be answered on the spot. 

Is an ISO/IEC 27001 understanding necessary?

There's currently shortage of choice for IT security courses, but choosing the correct standards and frameworks can be difficult.

ISO/IEC 27001 deserves consideration from professionals, as it covers a number of areas. This article will explore exactly what it is can how it can be utilised.

What is ISO/IEC 27001?

ISO/IEC 27001 is the pre-eminent global standard for information security management systems (essentially a set of policies designed to handle information security).

The most recent update was published in October 2013, bringing much of the framework up to date with other certifications and standards. It now covers organisational context and stakeholders, how to best plan a security management system implementation, and how to make the system operational.

Sections are also dedicated to reviewing system performance and putting corrective actions in place where and when required.

Organisational uses

As security is such a high priority for modern enterprises, it's important that up to date standards are used at all stages of a security system implementation.

Several stages have been outlined below, with uses of the ISO/IEC 27001 standard explained. These uses can be applied to a number of different security scenarios.

It's easy to see how the ISO/IEC 27001 standard can be utilised to great effect across a wide range of security applications. If you'd like more information on ISO/IEC 27001, or want to take part in a course to gain certification, speak to ALC training today. 

The top cyber security threats facing businesses today

Cyber security is a rapidly evolving concern within the IT sector, constantly presenting new risks for businesses. As the threats are constantly changing, it’s absolutely essential that both the latest possible future threats are understood. Failing to ensure adequate IT security practices could result in substantial damages, including data breaches and even financial loss.

It’s essential that businesses begin to put the appropriate measures in place to minimise cyber security risk, and understand how various threats can come about.

In many cases, one of the best ongoing preventative measures is an extensive IT training program designed to educate staff on the best practices for IT security.

An outline of cyber security

Cyber security is a broad term, encompassing many different threats. Over recent years, as businesses have grown their technology use, risks have only increased. Now, a significant portion of highly sensitive business information is stored on digital systems.

This can be anything from customer information, including payment data and addresses, to financial records of the company that have been stored for easy access.

While the advantages of digital systems cannot be ignored, security needs to become a top priority.

Here are the top four IT security risks that businesses and IT leaders need to be aware of. It’s also important that even lower level staff understand where risks can come from, and the best preventative actions.

​1. Hacktivists

Hacktivism presents a real danger to businesses, as there’s often no reward sought – financial or otherwise. In most cases of hacking, the attacker is after sensitive data either for government purposes or to sell on to a buyer. Protest is a large factor of hacktivism, and attackers often seek to take down websites or other services that conflict with the group’s ideals.

Government websites are often a common target, following unfavourable legislation or policy changes.

To ensure protection, businesses need to be aware of how their actions can provoke an outside response. IT security systems are often the best measure of protection.

​2. Malware

Although it is a threat that dates back decades, malware remains a constant issue for both businesses and private users. Essentially an attack designed to disrupt or damage a network or system, businesses affected by malware can often be required to take systems or services offline, in order to ensure greater protective measures are in place.

3. Internal threats

Staff can present as big of an issue as outside attackers, whether or not intentions are malicious. An accidental security breach can occur when malware is unwittingly installed, or outside access is given to a crucial business system.

On the other hand, staff may willingly seek to steal information or disrupt systems for personal gain.

Preventative actions here include education at all levels of what actions can cause a breach, and only giving access to key systems to required staff.

4. BYOD

The final security for businesses is bring-your-own-device (BYOD), a trend which has seen considerable growth in recent years due to the cost and productivity benefits.

With this process, staff use their own mobile devices such as phones and tablets as well as laptops within the office. Obviously, the security risks here centre around unknown and potentially malicious software making its way from staff devices to business networks.

Effective IT policies are required that outline where and when BYOD can be used, and for what purpose.

Growing a culture of IT security

IT security education can be one of the best ways to grow an IT security culture, as it gives both business leaders and staff an insight into what exactly causes IT risks, and where they’re likely to come from.

Given the growing prevalence of IT security risks, it’s going to be essential to ensure that a culture of IT security is fostered over the next few years, as it involves nearly every level of staff. Failure to ensure IT security can often have disastrous consequences, and should never become an issue.

Senior leaders ‘should be involved in IT security issues’

CEOs and senior executives must take IT security measures seriously to ensure businesses are protected from the growing threat of cyber attacks.

This is the upshot of recent analysis by global management consultancy McKinsey & Company, which outlined the importance of ensuring the C-Suite leads from the front line on cyber security issues.

The organisation said not enough is being done to protect mission-critical information assets, despite senior executives being well aware of the risks of falling short in this valuable area.

McKinsey noted that many businesses are still facing a number of obstacles, including the difficulty of changing user behaviour.

“For many institutions, the biggest vulnerability lies not with the company but with its customers,” the organisation stated.

“How do you prevent users from clicking on the wrong link, allowing their machines to be infected with malware? How do you stop them from transferring incredibly sensitive information to consumer services that may not be secure?”

Offering IT security training

One way to better educate employees is to conduct comprehensive information security training, with a number of extensive courses available to overcome potential risks.

According to McKinsey, pushing change in user behaviour should be a priority for senior managers hoping to build up ‘cyber resiliency’ in a modern business environment where threats are becoming increasingly common.

“Given how much sensitive data senior managers interact with, they have the chance to change and model their own behaviour for the next level of managers,” the organisation said.

Some simple steps can begin this process, including being more careful when sending documents from corporate to personal email addresses.

Senior executives must also create enough airtime to communicate to front-line staff the importance of protecting the company’s information assets.

Improve strategic decision-making

Businesses were also advised to consider cyber security risk alongside other kinds of risk. As such, they should assess the organisation’s appetite for loss of intellectual property, disruption of operations and disclosure of customer information.

Once these decisions have been made, management teams must communicate with cyber security professionals to help prioritise existing data assets and gauge trade-offs between operational impact and risk reduction.

However, effective IT governance training might also be required. McKinsey noted that regardless of how comprehensive a set of cyber security policies are, some employees may try to work around them.

“Senior management obviously needs to make sure that policies and controls make sense from a business standpoint,” the organisation said.

“If they do, senior managers then need to backstop the cyber security team to help with enforcement.”

In addition to governance, granular reporting is suggested to track how the company is performing against pre-defined targets across the IT security program.

The importance of senior executive buy-in

Research conducted by McKinsey in conjunction with the World Economic Forum showed that senior management time and attention was the most important factor in mature cyber security initiatives.

This meant it had more of an influence on success rates than company size, resources provided and industry or sector.

The data supports a similar survey conducted last year by Frost & Sullivan, in which 69 per cent of respondents confirmed their CEO is now a decision maker regarding IT security issues.

Senior executives from across south-east Asia were polled, with 40 per cent stating the chief executive is the central decision-maker on such matters.

Edison Yu, associate director, ICT Practice, Frost & Sullivan Asia Pacific, said: “More and more firms are realising that security is not the remit of the IT department alone.”

“The impact of a security breach on business is real and broad, and management wants to be proactively involved in preventing it.”

Arm your team with a CISSP certification

Are you an IT professional ready to take advance your expertise? Or are you a senior executive who wants your IT team to have the most up to date qualifications? Sign up to ALC Training’s CISSP course, a comprehensive 5-day course for IT professionals. Our CISSP training covers the 8 domains of the CISSP Common Body of Knowledge to prepare you for the CISSP exam. 

Employees ‘biggest threat to IT security’

Businesses worldwide are recognising that employees are one of the biggest threats to IT security, new research has revealed.

A survey of 250 IT professionals conducted at the Infosecurity Europe 2014 event noted that 44 per cent of organisations felt staff ignorance was a problem that could lead to breaches.

This compared with 20 per cent of respondents who argued that malicious insiders were the largest potential threat to business systems.

Overall, 70 per cent of participants listed employees as the most common shortcoming in their IT security plans, while 20 per cent cited current processes and just 9 per cent said technology.

The poll, which was conducted by AppRiver, largely quizzed IT professionals from the UK and the US, but the results have ramifications for countries worldwide, including Australia.

Earlier this month, a Ponemon Institute survey found just 40 per cent of Australian businesses were educating their staff on cyber security risks. Only Brazil had lower IT security training participation.

Troy Gill, AppRiver senior security analyst, said new threats are hitting businesses every day and employees must be prepared.

"We've seen a dramatic increase in phishing attacks since the beginning of this year, with many proving successful, which is a classic example of how an unsuspecting user can unwittingly put the organisation at risk," he said.

"Educating users to these types of attack vectors is just one element of effective remediation."

Aside from training, Mr Gill also recommended removing suspicious electronic packages from mailboxes automatically to ensure no one opens them and releases potential viruses.

When the same survey was completed last year, many US organisations blamed external influences, which indicates the shift in attitudes regarding IT security threats. 

In 2013, Mr Gill admitted it is hard to plan for employee ignorance, but training and automation help mitigate many of the potential risks businesses face.

BYOD security crisis on the horizon?

Bring-your-own-device (BYOD) policies have become increasingly popular in organisations across the world, bringing flexibility and productivity gains to many.

However, a new report has suggested that BYOD could be a ticking time bomb in terms of IT security, with many businesses failing to adequately consider the risk of mobility.

The ‘BYOD and Mobile Security’ survey, sponsored by Vectra, saw 1,100 members of LinkedIn’s Information Security Community surveyed regarding the current trends and challenges affecting modern companies.

According to the results, the primary reasons for introducing BYOD schemes are to improve employees’ mobility, job satisfaction and output.

BYOD is still under evaluation at 31 per cent of firms, although 40 per cent said company-owned devices are widely used. Unfortunately, 21 per cent admitted staff using their own devices despite the lack of a supporting BYOD framework is common.

Without the right IT security training, unmonitored use of employees’ personal devices could become a significant problem for organisations.

In fact, 67 per cent of respondents claimed they are concerned about loss of data due to lapses in BYOD policies. Fifty-seven per cent said unauthorised access to commercial information and systems is a worry.

Other issues raised were users downloading apps and content with embedded security problems (47 per cent), malware infections (45 per cent) and lost or stolen devices (41 per cent).

The biggest negative impact companies experience from mobile security threats is having to allocate more resources to cope, with 30 per cent highlighting this as an issue.

Corporate data loss and theft (16 per cent) and increased helpdesk time for repairing damage (14 per cent) are also concerns.

BYOD and IT security training

The security drawbacks of BYOD policies have been recognised for some time. Last year, Gartner noted the mobility trend will create a need for more protection on business and consumer devices.

Rugerro Contu, research director at the organisation, said more people using personal smartphones, laptops and tablets at work matches a rise in BYOD security solution demand.

“The current awareness of security and its impact on users of mobile devices is likely to change,” Mr Contu explained.

“Gartner expects attacks to focus increasingly on mobile platforms as they become more popular.”

The International Data Corporation (IDC) said Australian chief information officers are also becoming more aware of the risks of mobility.

IDC data last year showed 75 per cent of Australian businesses expected to use mobility technologies by the end of 2014. The company said this brings a number of complex challenges when considering deployment and integration of BYOD policies.

Raj Mudaliar, senior analyst of IT services at IDC Australia, said: “Enterprise mobility solutions are increasingly becoming a part of enterprises’ IT road maps to enable a […] richer customer engagement platform.

“BYOD is further exacerbating this shift by acting like a catalyst for adoption.”

According to the Vectra research, companies are dealing with the threats of BYOD policies in a number of different ways.

The highest majority (43 per cent) are using mobile device management, while 39 per cent are utilising endpoint security tools. However, 22 per cent are doing nothing.

Earlier this year, Senior Research Analyst at GFI Software Doug Barney stated that employers must take the initiative when it comes to BYOD, adding that IT security training is vital for maintaining best practice.

“Policies are all well and good, but they only work when backed up with training,” he noted in an article for TechRadar.

“Users should understand how to create strong passwords and regularly change them, how to lock a device, how to manage security settings, how to use encryption, and how to handle company data.”

Building a future-proof IT strategy

IT has moved to become a top business priority for most organisations over recent years, affecting areas such as productivity, collaboration and overall business operations. It's now essential that considerations are given to future-proofing the IT strategy of a company, and ensuring every facet is fully explored and understood.

An outline of the current state of IT, what needs to be accomplished over the next few years and the key areas of focus will be detailed below. A comprehensive IT strategy should become the next major priority for organisations.

The current state of IT

IT future-proofing can often appear difficult for businesses, especially given the constantly changing nature of the underlying technologies. As such, it's often not hard for a culture of indifference to bred within organisations, and IT subsequently pushed to the background of developments.

It's going to be important to create forward-thinking strategies as IT becomes increasingly important for productivity, collaboration and cutting down expenditure.

Businesses should assess the strategies of government agencies, such as the NSW State Records Initiative. This department is future-proofing IT by creating digital record keeping systems and promoting the digitisation of state records. 

An outline of what needs to be done

Strategies can seem difficult to put in place, but by breaking down the key areas of focus businesses can ensure every area has been taken into account. Attention needs to be placed on information, security and mobile technologies. Of course, companies may need to adapt as new technologies or trends begin to have an impact on organisations.

Here are three key areas of IT that businesses need to pay attention to in the near future.

An information approach

Moving to a new information management system can often be one of the more extensive changes a business makes to operations, but it's a vital part of ensuring security and efficiency over the long-term. An information approach entails managing discrete pieces of content rather than documents themselves.

This approach is especially useful for cutting back on printing and unnecessary data duplication. Basically, data is created in one location, and subsequently used wherever needed. Instead of being required to print documents multiple times, a digital alternative is accessible from computer systems throughout the organisation.

Focusing on security

Perhaps one of the most overlooked areas of an IT strategy, security needs to become a primary area of focus, especially due to the ever-expanding number of threats.

Outside attackers are only becoming more proficient at breaching secure business networks, and inaction on the part of the company can result in costly data breaches. These can often lead to financial damage and a stained reputation among customers.

IT security training is the best option here, as it ensures staff at all levels of the organisation understand the necessity of security.

Understanding mobile

Mobile devices represent perhaps the biggest technological leap forward for businesses, given the accessibility for both SMEs and large enterprises.

Defining the role of mobile is key, as a clear goal is able to ensure the organisation understands why the devices are used, and what benefits they offer.

The Cisco Visual Networking Index, released earlier this year, found global mobile data traffic to have grown 81 per cent in 2013, with the number of connections continuing to grow throughout the year. As such, it's crucial that appropriate considerations are given to mobile devices, and their roles within the business.

Conclusion

Training is one of the best ways for organisations to prepare for change, and should be at the forefront of business planning. With a focus on training in areas such as IT project management and IT security, staff can understand why certain technologies are useful for the enterprise, and the best methods of implementation.

As training can be utilised at all levels of the organisation, even business executives can be taught the necessity of various technologies, and the value of a future-proof IT strategy.

IT security training lacking, survey reveals

IT security training and education is lacking throughout many businesses worldwide, with Australian businesses among the worst culprits.

That is the upshot of a new global report by the Ponemon Institute, which highlighted a range of challenges and issues facing today's cyber security professionals.

The organisation identified various problems with IT security initiatives, including communication roadblocks between departments and a need for more funding.

According to the Ponemon Institute, security intelligence and user education are key elements in bridging cyber security gaps. However, many firms are failing to provide sufficient staff training in this area. 

The data showed 48 per cent of employers do not offer cyber security education to personnel, compared with 47 per cent who do. Just 4 per cent said they planned to begin IT security training within the next 12 months.

In Australia, the figures were even lower, as only 40 per cent were currently educating staff on cyber security risks. This was one of the lowest percentages, with only Brazil registering a worse score (32 per cent) among the countries surveyed.

Hong Kong (57 per cent), Singapore (55 per cent) and India (54 per cent) exhibited the highest levels of IT security training for employees. However, Australia did perform well when it came to tackling risk.

"An effective approach to reducing the risk of a cyber attack is to conduct cyber threat modelling exercises," the institute explained.

"The countries with the highest belief that [this] is essential or very important are India, Australia and the US."

The IT security landscape

Overall, the Ponemon Institute's report – titled Roadblocks, Refresh and Raising the Human Security IQ – noted dissatisfaction among IT security professionals regarding their organisations' protective measures.

Nearly 30 per cent said they would implement a complete overhaul of their current enterprise security system if given the chance, and a further 21 per cent desired mild to moderate amendments.

Advanced persistent threats were the biggest fear for 40 per cent of businesses, while data exfiltration attacks ranked second with 24 per cent of the votes.

Other concerns were website hacking (14 per cent), distributed denial of service attacks (12 per cent) and accidental data breaches (8 per cent).

According to respondents, one of the biggest obstacles preventing cyber security risk procedure improvements was a lack of communication between IT departments and executives.

Almost one third (31 per cent) of security professionals said they never speak to the executive team, with 23 per cent claiming they talk only once a year. A mere 1 per cent said meetings are conducted on a weekly basis.

More funding 'needed'

Among the most common complaints expressed by businesses was a lack of appropriate funding to tackle ever-increasing cyber-security threats.

More than half (52 per cent) of IT security experts argued their organisation does not invest enough money into skilled staff and technologies.

"To deal with the challenging and dynamic threat landscape, organisations need to have the intelligence to anticipate, identify and reduce the threat," the report stated.

However, plans for the future look encouraging, as 49 per cent of businesses are expected to make significant adjustments to cyber security investments over the next 12 months.

Professionals claimed the top three events most likely to drive spending on such measures are intellectual property (IP) theft, data breaches involving customer information and loss of revenues due to system downtime.

Insider threats are also common, with 67 per cent of respondents claiming they know a colleague or peer whose company has had confidential data or IP stolen by someone within the organisation.

In Australia, this figure climbed to 88 per cent – significantly higher than the global average.

Understanding and applying The Privacy Act across your company

The Privacy Amendment (Enhancing Privacy Protection) Act  2012 has now been in operation for nearly four months since its inception in March of this year.

The reforms introduced 13 core privacy principles, and the effective understanding and implementation of these is essential for any companies that holds personal information and confidential data about individuals. 

Each of the Australian Privacy Principles (APPs) refer to a specific element of information security, including the storage and use of individuals' personal data. The principles have been derived during a 10 year process that began in 2004.

The changes to the laws also aim to integrate privacy within all stages of company operations, including incorporating privacy best practice into business functions as well as technology design.

Implementing and handling sensitive data should be at the forefront when designing IT systems for corporate use, and creating policies that effectively manage and deal with data breaches and other measures for security protection.

You can enhance your understanding of privacy law and other important components of IT security by undertaking information security training courses.

What are the benefits of security training?

Taking a confident managerial approach to potential security threats is an essential part in preventing your company from possible attacks. Building on knowledge and expertise gained in the real-life application of management roles can be aided with training.

Becoming CISM certified is an excellent way to improve your knowledge base and lead your department with an increased awareness of the planning, strategising and measuring necessary to implement and fulfil your company's security policies. 

Identifying where possible risks could arise in your business operations and the best practice in implementing these, along with reporting on the changes and actions taken, are also topics the course covers.

Incorporating risk planning into trading procedures as well as complying with due diligence are both management requirements that should be continually assessed and enforced as part of wider security measures too.