You search for the brightest minds in your company’s field of work. Your employees may be recognized experts in their particular profession, but everyone has a weak moment – not enough coffee, lack of sleep due to a sick kid, a Monday. There are some easy ways we can work together to protect your business, and they start with your people.
Teach Your Employees the Warning Signs
First, we need to continuously educate your employees on safe technology habits. They must recognize malicious actions, then know when and how to inform the IS team. Do they contact IT or reception? Set out a formal process to report security violations. You must raise awareness and offer simple suggestions, such as hovering over an email link without clicking it to view a suspect web page destination. A steady 44% of law firms in the US with 100 or fewer employees reported virus issues over the past 3 years; 48% of those firms reported no business losses or actual security breaches, which is acceptable, though not great. Knowing the most common tricks of hackers will prevent downtime of a colleague’s workstation as it is reimaged, or data is retrieved from offsite storage and restored to a PC or the network. The efforts put into restoring your technology to working condition come with many time and financial costs which can easily be avoided with adequate foresight.
Security Reviews Should Involve the Business and IT
Second, IT leaders and business leaders must work together to operationalize security. They must make thinking of security concerns second nature for everyone. Having a regular security assessment of your systems will reveal that the root cause of many security problems is a lack of mature processes, which leads to weak or nonexistent security controls. As managing risk becomes more of a strategic concern, there is a growing need to develop highly standardized business processes. You should regularly review these processes to make sure growth objectives are still being met. If an organization does not possess such technical knowledge, consider using a Virtual CIO service to plan how to effectively use your IT security resource. You need to avoid unacceptable risk but keep the company pushing forward with growth. Don’t be afraid to spend a bit of money to secure your money.
Give IT The Tools It Needs To Defend You
Third, organizations must commit to having their IT security staff highly trained in current threats and approaches to security. This helps increase their responsiveness while you retain cyber security talent. Ongoing professional development with a specific focus on being able to identify an incident, how to classify it, and how to contain and eliminate it will keep your security team effective. Training in evolving technologies will also return results as your IT staff work with the business to implement new technologies to save time and money. The perception of security as an inhibitor to business must be dissolved – users should know they can work faster, and with fewer restrictions. Quartet spends 4 times the industry average on training, continuously building our knowledge base. You will know you are maximizing security investments with a team (your team!) that knows how to optimize these new tools to better protect and grow your organization.
It’s 11pm. Do You Know Where Your Data Is?
Finally, how computing hardware is used, or misused, by staff is crucial to your bottom line. Where your data is at any given time determines the level of comfort you should have with your staff. Some frightening statistics from 2014 collected by TechRadar:
- 84% of employees use personal email accounts to send company data.
- More than 50% of respondents upload data to a cloud-based service such as Dropbox, iCloud or Box.com.
- More than 30% of employees have lost a USB drive containing confidential information.
- Only 12 of the average 265 laptops lost by large organizations will ever be retrieved.
- Riskiest places to lose a laptop:
  - 42% lost offsite
  - 32% lost in transit
  - 13% lost in the office
  - 13% of companies do not know where the equipment was lost
Drawing The Line With Your Employees
Employees are too casual about computing equipment which is not theirs, believing the company will easily replace it and restore the data. While this may be true, the initial costs may be eclipsed by those later on, including lawsuits, contract violations, and having to redo some of the work, to name just a few. Encrypting all devices that connect to a company-issued computer, or using security rules to outright deny any device from connecting, are a few of the in-your-face measures IT can take to protect the organization. Most importantly, you must stress and enforce a “no personal use” policy for company computers. You cannot allow a sense of entitlement bordering on “you can’t do that to my pictures” when a lost smartphone is being wiped – this puts your data, reputation, and client privacy in jeopardy.
There are many different types of weak links with staff; fortunately, we can reduce risk and the effects of employee tech blindness. Rather than instinctively turning to IT first as the sole solution, we must remember that security is a people problem and look to education as a cheap equalizer.