We live in a connected world. Mobile technology and computer networks have sped up so many of our work processes and we are able to produce more than ever before. Unfortunately, the development of high-tech communications has outpaced the discipline necessary to secure so much shared information.
In fact, recent studies have shown that one of the most common causes of data breaches in recent years is human error. The specific mistakes vary, but the fact remains that because networks are created to provide remote access, they are inherently vulnerable to unauthorized access and misuse.
Employees aren't the only to blame for these errors. A surprising number of companies don't have security policies in place. One study conducted by InsightExpress found that one out of four companies surveyed have no security policy whatsoever.
In addition, many companies that claim to have security policies in place are in need of updating their policies, and 40% of their employees aren't even aware that any policies exist. So, whether your business employs one or one thousand employees, you need to improve your network security.
Creating a Security Policy
Just as the business practices and job tasks vary between companies, so do company security policies. There are several factors to consider when creating your company's policies.
- Establish a chain of authority which can be maintained.
- Know what information each employee needs to access in order to do their jobs. Use authentication and authorization to restrict access which is unnecessary for specific jobs.
- Integrate policies with job tasks so employees don't feel caught between completing their job and complying with security policies.
- Make policies understandable and manageable. Experts recommend a maximum of 12 policies.
- Write policies which are realistic and enforceable.
Having a policy in place is only effective if employees comply with it. There are many reasons employees give for non-compliance including:
- Believing there isn't enough risk to be concerned
- Security is not their top priority
- Total apathy when it comes to company security or don't realize that security is a concern for the company
- They don't know or don't understand the policies
- Being in a hurry
Many of these problems can be helped with effective education and communication. Help your employees understand the effects of a data breach. Include security briefing in new hire orientations and train employees on updated policies in person rather than via email.
Many companies are choosing to allow employees to bring their own devices to work. This has many benefits as it saves the company money and allows employees to work remotely. However, it has also been the cause for many security concerns. Mobile malware rose 155% in 2011.
Related: BYOD: Does Mobile Anti-Virus Work?
As previously mentioned, employees can be both careless and uneducated in security practices, which makes them susceptible to keylogger software, viruses and other hacking attempts. Include standards in your security policy that addresses the use of personal devices for work-related activities.
Examine the Effectiveness of Security Practices
Analytics software and third party testers can help you determine the vulnerabilities in your network. In the case of a data breach, analytics can also help you recover more quickly by determining the cause of the breach and the specific data which was compromised. Many companies lose time, money and customers by announcing a breach too quickly and assuming or overestimating the amount of data compromised.
Our connected world comes with both benefits and responsibilities. By securing your company's network, you can save yourself time and money, avoid stress and maintain the trust of your customers.
Bio: Rick Delgado is a tech guru. From the latest gadgets to securing networks for major businesses, Rick has seen and wrote about it all. Rick has over 12 years of professional experience in technology. He currently is a freelance writer in Park City, UT.