Balance in Cybersecurity: Lock the Doors Before Boarding the Windows
Editor’s note: In recognition of National Cybersecurity Awareness Month this October, we are publishing a series of blog posts dedicated to educating and informing you about cybersecurity practices. This is the fourth in a series of posts. Below, you can find a list of links to the rest of the series:
- FBI’s Warning: How to Protect Yourself from AI-powered Schemes
- Stuck on Windows 10? Here Are Your Options After Support Ends
- Job Scam Texts are On the Rise: Here are 5 Red Flags to Watch Out For
- What is a Vishing Scam and How Do I Protect Myself?
- The CIA of Data Security: What It Means and Why It Matters
- Top 3 Cybersecurity Trends We Uncovered from GrrCON 2025
- Why MDR is the Security Team Your Organization Needs
- BYOD for Smartphones: Balancing Security, Privacy and Cost
- Ransomware Is Getting Smarter: How AI Is Changing the Threat Landscape
- Numbers Don’t Lie: Phishing Training Works
- Phishing Attacks Can Now Mimic Your Organization’s Login Page in Real Time
- Traveling for Work? Here are the Best and Worst Ways to Connect. (Posting Oct. 28)
- Why You Should Care About Your Organization’s Security Culture Score (Posting Oct. 29)
There’s a lot of rhetoric in the IT space: Big promises, strong opinions and soundbites that make security sound simple.
The truth is, it isn’t simple. Even the biggest corporations make tradeoffs, and small businesses live with even tougher ones.
At Hungerford Technology, we don’t pretend there’s a magic formula. We implement a safe minimum that keeps you from falling behind, and then we work with you to find the right balance from there.
Our job is to make sure we speak up when we think you’re taking an unnecessary risk.
Let’s talk about what locking your doors vs. boarding your windows looks like in the context of IT.
Doors and Windows in the IT Realm
You can think of your organization like a building.
Doors
The doors are where people naturally come and go, but it’s also the first place intruders will try to break in. Locking your doors is the bare minimum, and that’s our baseline.
For example, we implement multifactor authentication for every client regardless of size and industry. It’s a standard security setting that research shows can block more than 99.2% of account compromise attacks.
Windows
The windows let in sunlight and give people a nice view. They’re valuable, but they’re also potential entry points.
If we boarded up every window, it would definitely make the building harder to break into, but everyone inside would be sitting in the dark.
Application whitelisting is a great example of boarding your windows. It’s a preapproved list of applications that are allowed to run, and any other application not on the list requires approval from our team.
It’s annoying for your employees, as they won’t be allowed to download any application, even if it’s work related. But it protects them from downloading malicious software that could harm their organization.
Some clients prefer that level of safety, and they’re willing to put up with — and pay for — the extra friction. But most don’t want to lose all the sunlight just to feel secure.
Our role isn’t to push you into one extreme or the other. It’s to help you figure out which windows can be boarded without much impact and which need to stay open to keep people happy and productive.
Cybersecurity isn’t one-size-fits-all. It’s about locking the doors and then deciding which windows can be boarded up while still having enough sunlight so your people can stay happy and productive.
Why Balance Matters in IT
Traditional IT management and security often pull in opposite directions.
- For IT, the “perfect day” is when everything gets through — every email delivered, every app working, zero roadblocks.
- For security, the “perfect day” is when nothing gets through — no emails, no downloads, no surprises at all.
Neither extreme is ideal. If everything gets through, you’re wide open to attack. If nothing gets through, your organization grinds to a halt.
If you have too much security without thought, your employees can’t do their jobs. Too little security, and you’re left exposed.
We don’t claim to have the perfect answer for every organization, but we know how to guide the conversation. We’ll set a safe baseline and then work with you to decide what makes sense for your team and your appetite for risk.
Balance Doesn’t Mean Custom Solutions
Cybersecurity isn’t one-size-fits-all. It’s about locking the doors and then deciding which windows can be boarded up while still having enough sunlight so your people can stay happy and productive.
The good news is, balance doesn’t mean reinventing the wheel or paying for something custom. We’ve already figured out a lot of this security stuff by building and managing highly secure environments.
For most organizations, it’s simply a matter of starting with a safe baseline (locking your doors) and then choosing the additional protections to turn on.
That’s what we mean by balance.
Finding Your Balance
Do you need help locking your doors and boarding your windows? We’re here to help!
Let’s chat about how we’ll implement a safe baseline and then work with you to figure out what additional security measures work best for you and your organization.
Stay updated! Get tips and insights delivered to your inbox weekly by subscribing to our newsletter.
