IT Security Starts and Ends With Your Staff
We wish IT security was as simple as setting up a good firewall and installing an antivirus. We talk a lot about security solutions that cover a lot of your bases, such as our Unified Threat Management (UTM) system. While these enterprise-level solutions are important, any investment in protecting your network can be upended by a single act of user error.
You see, the bad guys are clever, and they wouldn’t be building malware and stealing data if it wasn’t lucrative, and the successful hackers are very good at beating the system. A huge trend that has been growing for years involve hackers doing more than just infecting computers the old-fashioned way; today they are targeting people using tactics like social engineering and offline infiltration. They know that they can get access to your network by asking the right user the right questions over the phone or via email. They know how to get just enough information to sound somewhat legitimate, too.
Get Everyone on Board
It’s up to you to establish a IT security mindset with your employees. It starts with management and needs to trickle down across the entire organization. Getting other C-levels closely looped in, and then office managers and even HR is a good way to make sure everything is being taken seriously.
Show That Security Isn’t Meant to Be a Burden
If you fire off new processes like two-factor authentication or push policies to employees phones without rallying them first, you’ll likely get moans, groans, and pushback. It will feel like you are making their jobs harder, when in reality you are actually protecting them and the organization. Instead, it’s a good idea to teach your people WHY security matters to them. Good employees want what’s best for the company and will see value in protecting the company if they understand that these new security processes aren’t designed to be roadblocks.
Have Regular IT Security Check-Ins
Whether you put together a weekly email or hold a monthly meeting, stick to it. If you make security enough of a priority that you don’t postpone a piece of your plan, your staff will feel the importance of it. Plus, this allows you to take smaller steps that ensure good habits are being put in place.
Until IT security mindfulness is achieved, the responsibility is on you to make sure your staff understands the new processes and procedures. This may include thoroughly documenting your security best practices, including it in the employee handbook, creating training videos, and hanging posters. Plus, as security threats and compliances evolve over time, so won’t some of your processes. As things change, you’ll need to update your materials.
After most of your staff seems to “get it,” you can establish the repercussions for failing to comply with company rules. Remember that most practices can be easily remediated - depending on the severity of the issue, a first-time offender probably doesn’t need to lose their job. That said, treating repeat offenses and blatant disregard for IT security should be dealt with swiftly and corrected. One weak link can do harm to the entire chain.
Encourage Issue Reporting and Support Requests
One of the biggest tools you can equip your people with is the ability to put in support requests and report on anything suspicious. If they don’t feel comfortable and encouraged to put in support requests, they might not raise their hand when something really serious is happening. This can be caused from either not wanting to bother management with something that seems unimportant, or from having a fear that they will get in trouble for potentially causing an issue. It’s critical that you establish a clear value to reporting issues and mistakes that happen.
That’s where Ciracom comes in. We can not only help you establish the infrastructure to protect your business, but we can help enforce, audit, and support your organization. We can act as your in-house IT department and field employee support questions. Let us help you protect your business from the ever-increasing number of online and offline threats. Give us a call at (703) 621-3900 today and have a chat with one of our IT security experts.