You Can’t Patch People

 
Article written by: Chris Nichols, Virtual Chief Technology Officer

Security is on everyone’s mind nowadays more than ever.

Companies are becoming more aware of the steps they need to take to secure their data from prying eyes. Super unified threat management firewalls, the latest and greatest antivirus programs, and draconian password policies are becoming the norm, and a lot of money is being spent on their implementation.

In the end, CTOs and decision makers can check off those boxes and sleep soundly at night knowing that they have an impenetrable outer shell around their data. That is, until a user clicks on a link and allows a virus through the door, or opens that odd email attachment, or gives out a password over the phone to be “helpful”. Security tools are a necessity, but training and buy-in from the user base are also key. You don’t need a huge investment in training resources to accomplish this, either.

The first step is having an Acceptable Use policy that clearly sets expectations on what a person can and can’t do on business-owned systems.

Presenting the policy to the user base is the first step in raising awareness. It needs to be reviewed periodically, either as a company twice a year, or individually during the review cycle. Don’t hoard information. If there is a new threat in the wild that has a simple fix like “don’t open the attachment!” then send an email out explaining the situation. This will have the longer-lasting effect of reinforcing the Acceptable Use policy and making your users more cautious. In addition to technical do’s and don’ts, it is important to be clear about what kinds of information are allowed to be given out over the phone, in email, or on social media. If you are under compliance requirements like HIPAA, this gets drilled into your head at least once a year.

Regardless of your industry, it is a good idea to have clear guidelines regarding the dissemination of information. All it takes is a little bit of training and awareness to enable your employees to actually help you keep your information safe and secure, rather than being the one security hole in your network that you can’t actually patch.

Does your business have a clearly defined Acceptable Use policy in place?

 
