Did we get your attention? The topic of informational technology (IT) security is boring, but so important. Most of the statistics are downright scary:
- 52 percent of people email documents from work to home via personal email account
- 66 percent of people that take work-related information home do not take time to delete or erase
- 51 percent of companies have an IT security policy that is not strictly enforced
- 65 percent of smaller organizations say that, in general, their organization’s sensitive or confidential business information is not encrypted or safeguarded by data loss protection technologies
When it’s done right, IT security can be sexy. Why? Confidence is sexy. If you are confident in the protection of your data, that’s attractive. Here are a few ways to get that confidence factor:
What are your employees downloading (and potentially taking home)
Think about how easy it would be to put a thumb drive in one of your office computers or printers and download confidential data. Do your sales people have their own cell phone versus a company phone? If yes, then they have an automatic database of clients. You can purchase software that detects downloading activity and alerts you.
What is your risk potential
Do you keep social security numbers, health or credit card information? Can employees open attachments to or click links embedded in spam? Do they leave their systems unattended? Do they not change their passwords frequently? Do they visit restricted sites? If you answered yes to any or all, your business data is at risk. There are very specific laws out there – especially for credit cards and health info – with which you must comply.
Do you have any policies?
Even the best security technology can be defeated by bad practices and human error. A security policy stipulates what should and should not be done. It addresses three security properties: confidentiality, integrity and availability. Many employees do not even comprehend that the work they create at work is not their own. If it is work done on company time and equipment, it belongs to the company. Reviewing what your employees do and do not have access to is critical.
Are you assuming your provider has it?
Your IT department or contracted service can monitor and initiate IT security controls for you. Our employees cannot access certain sites that have to do with hot buttons like alcohol, as our IT administrator has blocked content.
The basic assumption is you’re compromised. You have to assume somebody is on your network right now, sitting there and learning and watching what you’re doing. What will you do today to be confident and sexy in your IT security management?
Written by Jim Annis, President/CEO of The Applied Companies, which provide HR solutions for today’s workplace. Celeste Johnson, Tom Miller, and Suzanne Chennault, Applied’s division directors, contributed to this article.