IT Security Starts With Your Staff
We wish IT security was as simple as setting up a proper firewall and installing an antivirus. We talk extensively about security solutions that cover a lot of your bases, such as our Network Monitoring and Security Suite. While these enterprise-level solutions are essential, any investment in protecting your network can be upended by a single act of user error.
You see, the bad guys are clever. They wouldn’t be building malware and stealing data if it wasn’t lucrative, and the successful hackers are very good at beating the system. A huge trend that has been growing for years involves hackers doing more than just infecting computers the old-fashioned way; today they are targeting people using tactics like social engineering and offline infiltration. They know that they can get access to your network by asking the right user the right questions over the phone or via email. They know how to get just enough information to sound somewhat legitimate, too.
Get Everyone on Board
It’s up to you to establish an IT security mindset with your employees. It starts with management and needs to trickle down across the entire organization. Getting other C-levels closely looped in, then office managers and even HR is an excellent way to make sure employees take security seriously.
Show That IT Security Isn’t Meant to Be a Burden
If you fire off new processes like two-factor authentication or push policies to employees’ phones without rallying them first, you’ll likely get moans, groans, and pushback. It will feel like you are making their jobs harder when, in reality, you are protecting them and the organization. Instead, it’s a good idea to teach your people WHY security matters to them. Good employees want what’s best for the company and will see value in protecting the company if they understand that these new security processes aren’t designed to be roadblocks.
User Awareness and Security Training
In 2017, a new malware program was discovered every 4 seconds. More than 350 million new pieces of malware (computer viruses or other malicious software) were released in 2017. That means nearly one million new threats were released each day. There are currently over one billion known unique malicious files in existence. You and your users are, without a doubt, the most significant threat to your network. User training is a vital part of a comprehensive security solution.
Have Regular IT Security Check-Ins
Whether you put together a weekly email or hold a monthly meeting, stick to it. If you make security enough of a priority that you don’t postpone a piece of your plan, your staff will feel the importance of it. Plus, this allows you to take smaller steps that ensure good habits are put in place.
Until IT security mindfulness is achieved, the responsibility is on you to make sure your staff understands the new processes and procedures. These responsibilities may include thoroughly documenting your security best practices, including them in the employee handbook, creating training videos, and hanging posters. Plus, as security threats and compliance requirements evolve, you’ll need to update your materials.
After most of your staff seems to “get it,” you can establish the repercussions for failing to comply with company rules. Remember that most practices can be easily remediated – depending on the severity of the issue, a first-time offender probably doesn’t need to lose their job. That said, repeat offenses and blatant disregard for IT security should be dealt with swiftly and corrected. One weak link can harm the entire chain.
Encourage Issue Reporting and Support Requests
One of the biggest tools you can equip your people with is the ability to put in support requests and report anything suspicious. If they don’t feel comfortable and encouraged to put in support requests, they might not raise their hand when something severe is happening. This can be caused by not wanting to bother management with something that seems unimportant, or by a fear that they will get in trouble for potentially causing an issue. It’s critical that you establish a clear value in reporting issues and mistakes that happen.
That’s where Keystone comes in. We can not only help you establish the infrastructure to protect your business, but we can help enforce, audit, and support your organization. We can act as your in-house IT department and field employee support questions. Let us help you protect your business from the ever-increasing number of online and offline threats. Give us a call at 615-826-3500 today and have a chat with one of our IT security experts.