Directive Blogs
5 Ways to Make IT Security Top of Mind
The most significant resource any business has is their team. Yes, unfortunately, many companies view their staff as disposable cogs, to be worn down and tossed once every ounce of passion for their job has been drained away. Some of these businesses even manage to turn a profit.
However, the most successful companies and you know their names, invest in their team and have a successful bottom line to show for their efforts. They understand that a business like most things is only as powerful as their weakest link. The weakness link the majority of the time will not be the technology, but the person who is behind the keyboard.
A big part of developing a successful team is the amount of information about the business you share with them. In previous generations, having a hierarchical organization in which all knowledge trickled down to the team is no longer valid. This is particularly true when junior members of your team may have more experience and knowledge, especially with technology, than many C-level staff. When you keep these team members from sharing their wisdom and out of the loop, you’re wasting your most significant resource.
Team members in the know are more invested in the success of the business as a whole, as opposed to being worried only about their paycheck. While no one person is indispensable, it can take just one person to unknowingly expose your network to potential attacks and data breaches. It is just good business sense to enlist your team as security assets, as opposed to leaving them as potential sources of infection.
Here are five best practices to support your team and protect your IT security:
- Document your cybersecurity policies
Your team won’t know best practices if you don’t tell them. The whole purpose of best practices is to share them so they become part of the culture. Further, best practices need to evolve as your technology does. The best way to ensure your team and your policies are up to date with current practice is to share and reevaluate your documentation with your team. - Plan for mobile devices
As Bring Your Own Device (BYOD) plans continue to thrive, your team needs to be trained as to best practices. Also define what is covered under your BYOD policy, don’t forget wearables such as smartwatches and fitness devices. Remember, if it can connect to your Wi-Fi and is unsecured, it leaves your network vulnerable to attack. - Enforce safe password practices
It is not uncommon for people to not only have weak passwords but to use the same password for all their logins, including their workstation. What this means is if one of your team gets their personal machine and data compromised, there is a strong possibility they have opened the door to your business’ data as well. While you can’t protect your team from themselves, you can protect your business from them. Develop and enforce secure password practices, don’t leave up to them to remember. Automate it and require specific credential criteria to be followed. - Use 2-Way Verification
While we are on the subject of password security, it is also a good practice to develop a policy of two-factor authentication to access your data when using wireless or mobile devices. Yes, it adds another layer of ‘complication,’ but doing so allows your business breathing space between your team member realizing they have lost their device and you having to enact your security protocols. - Educate your team.
Finally, use internal communication to educate your team. Use your blog and email to inform your team of best practices. Don’t just tell them to do something, particularly something that will alter the way they are used to working, or access their personal tech. The hammer should be the last tool you use, not the first. Instead, use the opportunity to educate them as to why it’s best practice to make the changes. This provides them the opportunity to become invested in the security process and not only will they be more willing to comply, but perhaps they can provide insights you may have missed.
At Directive, we know our team is our greatest asset and we do all we can to provide them the information needed to not only be their best, but to help us be the best we can be too. Reach out to us for the solutions to help you do the same.