Wearing Helmets in the Office: Why Security Strategies Should be Threat-Based

By BDO Digital | March 13, 2019

Cybersecurity has become a top priority for companies, with IT recognizing it as their #2 priority in 2018. The problem, however, is knowing just how to implement a cybersecurity strategy that’s right for your company.

With the abundance of info and tools out there, it’s hard to know what is best for your organization. Which security tools do you need? If you have more tools, will you be safer?

In this blog, we’ll look at why every organization should develop a threat-based security strategy.

Bicycle Helmets in the Office

Studies have shown that wearing a bicycle helmet reduces the risk of head injury by 85%. If that’s the case, then shouldn’t we be wearing a helmet every day to the office to best protect ourselves?


Why we don’t wear a helmet seems obvious - unless you work on a construction site or in a manufacturing plant, wearing head protection is unnecessary since the risk of head injuries in an office is very small to begin with.

Start by Assessing your Most-Likely Risks

Now, a bicycle helmet salesperson might try to tell you that you need a helmet all of the time to be safe. But are they trying to understand the most common threats to your particular environment, or are they just trying to sell helmets?

The best approach would be to first look at your environment. Is it a construction site or an office? Are you riding a bike or sitting behind a desk? Are you playing hockey or chess? The answers to these questions will determine the type of equipment, tools, and actions you’ll need to take to keep yourself safe and productive.

The same can be said for cybersecurity.

More security equipment, tools, and actions won’t necessarily make you safer. Instead, you have to align your security strategy to your organization’s particular ecosystem and threats.

We recommend a threat-based security approach when planning your security strategy. You first need to understand your environment - which assets would hackers want to get their hands on? What do you need to protect? It sounds simple, but many companies aren’t even sure what they should be focusing on protecting in the first place.

Secondly, you need to understand the most common threats to those assets. What methods do hackers typically use to obtain the data? Only once you know this can you properly prepare and choose the right tools and methodologies that will best protect your data and users.

What’s Your SCORE?

When it comes to these two questions, companies usually don’t have the answers. BDO Digital and Microsoft have developed a Threat-Based Maturity Model to help both IT and business leaders understand their environments so they can develop the best cybersecurity strategy with the best tools for their organization.

SCORE helps to identify both the assets that your particular organization needs to protect, and the most likely threats to those assets.

Once you understand this, you can develop the best-fit security strategy. So before you wear helmets to the office or waste time and money implementing unnecessary security tools and practices, take time to understand what you’re protecting and the most-likely threats to your organization.

To learn more about how you can incorporate a measurable security assessment into your organization, contact us.
