ICFiles
SOC 2
Secure File Transfer Soc 2 starts at $1 per month
Technology: Data Security is Everyone's Business
What's New in Technology
July 2015
Get this Article Get this Article & Suite of Tools
Technology: Data Security is Everyone's Business
In today’s world, most people know a bit about cyber thieves and data breaches. This being the case, why do we continue to learn of major data breaches here and worldwide? A couple of years ago, a major technology provider conducted a survey of users and IT professionals in the United States and nine other countries, including Brazil, China, France, Germany, Italy, India, Japan and the United Kingdom. The results showed alarmingly high percentages of misuse of company computers by employees and risky behavior that skirted or ignored company guidelines. These issues continue to dog companies large and small all over the world, robbing them of millions of dollars and causing them to lose the trust of customers and business partners.
Perhaps the most jarring fact is that a company’s employees statistically are its biggest security risk. Understanding why employees – knowingly or not – bypass data security rules can help businesses create better security efforts. Breeches frequently occur when the employees’ desire to ignore policies exceeds their understanding of the risks they are taking. The challenge is to effectively communicate how employees’ individual self-interest lines up with the company’s IT security goals and what each employee is expected to do. Every employer needs to be able to spell out the rewards of compliance and the very serious results of noncompliance in words that every employee can understand. IT jargon and fancy phrases won’t cut it.
Many employees simply don’t regard IT security as their concern. A business owner has to help them see it is, by showing each their role in complying with IT procedures. It is crucial that owners foster a two-way dialogue that allows employees to come to their boss with questions, concerns and observations. Nobody likes to tell tales, but employees must be encouraged to report – in confidence – breaches in IT security.
Unauthorized Downloads and Apps
Almost 70 percent of IT professionals in the international survey believed unauthorized use of applications and programs was the cause of about half of their company’s data breaches. Personal email accounts represent the most popular unauthorized apps, closely followed by paying bills online, Internet shopping and instant messaging. When employees do any of these, they risk infecting corporate networks with malware and inadvertently giving entry to hackers.
Unfortunately, in many business operations, employees believe their violations won’t be discovered; and if they are, the penalties won’t be serious. Employees need to be trained and regularly reminded that policies that restrict access to unauthorized apps and sites are not just the boss being a killjoy. They must understand what constitutes unauthorized sites, and why using unauthorized apps on company IT equipment is risky and forbidden. Although important, it is insufficient to print and issue each employee an IT Security Manual upon hiring.
Perhaps the second biggest problem area involves employees transferring files to their personal computer or devices when working remotely. In the survey, a staggering 75 percent of offsite workers admitted to not using any privacy protection when in public places. Anyone who is authorized to work remotely should be issued company equipment (armed with full and updated security/password protection etc.) that is to be used for business only. This is one area where the scofflaws are frequently top executives. The policy must be applied uniformly from the top on down, and it’s crucial that business owners and top executives lead by example.
Stopping data leakage is a worldwide business challenge. By addressing the inside threat created by careless employees and workers who don’t understand how IT policies safeguard their place of employment and their jobs, business owners can be a force for welcome change.
Get this Article Get this Article & Suite of Tools
These articles are intended to provide general resources for the tax and accounting needs of small businesses and individuals. Service2Client LLC is the author, but is not engaged in rendering specific legal, accounting, financial or professional advice. Service2Client LLC makes no representation that the recommendations of Service2Client LLC will achieve any result. The NSAD has not reviewed any of the Service2Client LLC content. Readers are encouraged to contact their CPA regarding the topics in these articles.
Dynamic Content Powered by Service2client.com
SEO Content Powered by DynamicPost.net