Security breaches

What’s the weakest link in your security policy?

Whilst companies are looking at their budgets for areas to trim spending, security is one option that shouldn’t be considered. Recent IT surveys have shown a split: some companies see security as a key investment area, whilst others are putting their company at risk by cutting security spending. A security breach could end up costing your business more than you save.

Employee e-crime is often a result of unhappy work lives; those looking to quit their job are often at a higher risk of stealing data. On average 95% of employees resigned before or after they stole information. At a time when layoffs are high, unhappy employees (especially highly IT literate ones) will look for ways of seeking compensation by revenge or sabotage of the company. Having a keen awareness of your IT security procedures at this time is vital to protect your company.

If you fail to back up acceptable use policies with monitoring and enforcement technology, have no reporting systems to track staff misuse, and have no plans or ability to collect evidence, such as system logs, to investigate problems, you’re putting your company at risk.

Security breaches can include:

  • Downloading pirated software and music.
  • Wasting expensive bandwidth.
  • Use of email to transmit confidential information such as industrial or trade secrets, medical records, legal information or personally identifiable information.
  • Sabotage, financial gain and business advantage were the main motivations.

When it comes to security, your staff may be the weakest link in the chain. The best technical security measures on their own will not protect you from a malicious or negligent employee; a mix of hardware, software and employee training is necessary. Highlighted below are some security measures that all companies, large or small, should have in place and be enforcing.

  1. Use security technology to enforce policies, prevent malware infections and protect sensitive information.
  2. Include insider threats and employee misuse in your business risk assessments and security plans, including response plans.
  3. Put a clear, pragmatic and comprehensive Acceptable Use Policy in place. Ensure that employees understand it. Review and update it regularly so it keeps up with emerging threats and problems.
  4. Train staff about your Acceptable Use Policy and internet security on a regular basis.
  5. Ensure that managers and HR are aware of the risk of disruptive and disgruntled employees, especially when they are in ‘exit mode.’
  6. When someone quits, make sure that their access to company IT systems is terminated immediately.
  7. Operate a ‘need to know’ and ‘need to access’ policy, enforcing the principle of least privilege so that people can’t access more information than they need to do their current job.
  8. Enforce strict password policies. This includes regular password resets.
  9. Track company IT assets and restrict physical access to secure areas, such as server rooms.
  10. Log, monitor and audit employee online actions (but get legal advice and follow guidelines).

Don’t leave it too late before you review your security procedures. Contact Circle IT today to discuss how we can help keep your company secure.