Your employees are your biggest asset and biggest security risk. Failure to protect your business and your data could cost you dearly. Know the basics.
IT Governance
Your business needs to find a balance between security and giving your staff access to the tools and systems they need to do their jobs well. Good IT governance will help you manage that balance. With new rules, legislation, codes of practice and growing customer expectations, your obligations with respect to data security, privacy, confidentially and processes have never been so acute. If you think your business is at risk or lacking IT governance, the first step is to seek expert advice.
Security breaches are usually unintentional
The risk: Most of the time, employees have no intent to harm your business. Instead, staff might be putting your business at risk unintentionally. They could be using personal email and storing or sending sensitive data on external systems such as SharePoint, Google Drive or Dropbox. Your employees might even do so out of desire to do their jobs well e.g. if your internal systems are unable to receive or send very large files.
The solution: Develop and implement an Acceptable Use Policy, then monitor (and optionally enforce) it using standard technologies and techniques. Consider exceptional cases (e.g. for very large files) and apply the technology appropriately
Password protect is a must
The risk: Employees use devices with poor password protection, no data encryption, or no password protection at all. All it takes is one lost laptop and you have a serious data risk on your hands.
The solution: ensure all computers, laptops and mobile devices are encrypted and password protected. Enforce this through correct configuration. Don’t rely on your employees to do it for you.
Unauthorised software
The risk: The most common source of unauthorised software is a virus downloaded by an unwitting employee. Viruses can easily spread through your network, leaving your private information vulnerable to outsiders.
The solution: Use antivirus software to scan attachments before they’re downloaded. Teach your staff to look out for suspicious emails and use strong passwords.
Bring Your Own Device
The risk: Businesses are increasingly embracing BYOD as a practical and cost-effective workplace solution. It gives staff access to work email, applications and systems on their personal devices, making your staff more available to you than ever. The flipside to this flexible practice is the risk that it carries. BYOD traffic can take up excessive bandwidth and network space. Personal devices may not be encrypted or password protected.
The solution: Ensure all devices can encrypt company data and are password protected. Have a BYOD policy in place and monitor usage. Using an integrated device management or remote access tool can make a significant difference to managing the level of risk to your business.