
IT Managers Inbox

Resources for IT Managers


Help Your Employees Understand Data Risk Management

By Sam Grier

Theft of confidential information is a risk to the business, and IT plays a large role in protecting the data. Not all data is electronic, though. Files that identify customers and employees, Social Security numbers, credit card information and other account data are just some of the forms of sensitive data a company must protect.

Failing to protect confidential information can lead to identity theft and fraud. You can lose the trust of your customers and even end up defending yourself in a lawsuit. Data loss is often due to employees who do not follow IT security policies or who inadvertently expose the company network to risks.

According to the first annual ISACA IT Risk/Reward Barometer survey, the top three ways employees add risk for IT and the business are:

  • Not protecting confidential work data appropriately (50 percent)
  • Not fully understanding IT policies (33 percent)
  • Using non-approved software or online services for their work (32 percent)

Many studies have shown that “Lack of End User Training is a Large and Growing Threat to IT Security”. This is why your employees play a very important role in IT security.

Tips For Protecting Your Company Data

Lock It Up

Computer and network defenses are important, but don’t forget that not all data is electronic. Offices are filled with files containing sensitive or confidential information. Here are a few steps employees can take to secure data.

  • Make sure every employee has a secure drawer or cabinet to lock up files.
  • Centralize sensitive paperwork in a secure location and limit access to only employees who have a legitimate business use for the data.
  • Remind employees to never leave documents out even if they will only be away from their desk a short time. Just open the secure drawer and lock it. It is a habit every employee needs.
  • If you are shipping sensitive data off-site, use a secure package and a shipping method that allows you to track the package.
  • Employees with company laptops should be educated on how to secure them in their car and in their home.

Help Employees Keep Your Network Secure

It only takes a few seconds for spyware, viruses or other nasties to invade your network. IT departments use advanced tools to protect a network, but employees must understand their role in electronic security.

  • Encourage employees to use strong passwords; the longer and more sophisticated, the better. Teach your employees methods of remembering strong passwords so they do not write them down, and enforce mandatory password changes.
  • Block sites that are not work related or that are known to have risks associated with them. Educate your employees that they only have to visit the wrong website to become infected. What seems like innocent web surfing to an employee can be a huge risk to your network.
  • Teach your employees to never open an email attachment from someone they do not know. Even if they know the person, employees should always be wary of attachments. Give them a list of known file name extensions they should never open, regardless of who the message seems to be from.
  • Educate your employees on the hazards of installing unauthorized software on their computer.
  • A study last year found that 67% of employees use removable media such as personal USB thumb drives at work. Not only does this put your IT systems at risk from a potential virus, but with the size of removable media today, gigabytes of company data can be downloaded to them. Consider blocking access to mass storage devices via USB ports.

Employees And IT Policies

Nearly every company new hire will sign an IT security policy, but do they really read it? Many employees are simply not aware of the IT policies that are set up to protect company data and the IT systems that support the business.

There are some ways to make your employees more aware of IT policies:

  • Educate them by using online or classroom training on IT policies.
  • Post IT policies on the company intranet site.
  • During new hire orientation, don’t just get them to sign the policy; take time to go over it so they fully understand the policy and what role they play.
  • When changes are made to IT policies, make sure all employees are made aware of them.

Education Is The Key

You cannot rely on IT solutions alone to protect your IT systems and your company data. There are areas that put IT systems and the business at risk where educating your employees is the key.

Some areas to highlight:

  • Educate and train employees about company expectations for protecting data
  • The use of unauthorized software on company computers and company cell phones
  • Include security awareness training during new-hire orientation
  • Establish a security-aware culture by using frequent reminders like posters and emails about IT security and company data.
  • Teach employees about security considerations when on the phone and connecting to the Internet, social networking, and collaboration sites.
  • Teach employees about physical security, such as only allowing employees with badges to enter buildings.

Are Your Employees Security Aware?

Protecting confidential data in all forms is critical to the business and IT has a large role in making sure the data is secure. A disgruntled employee can cause tremendous damage to a company, but the biggest risks are employees who don’t take proper care of company data.

Constantly review your IT policies and make changes if needed. Educate your employees so they understand they play a very important role in protecting your company data. Employees do not want to put your company at risk, but for most, data security does not cross their minds. They think the IT staff will handle all that.

Helping your employees understand their role in protecting sensitive and confidential information, as well as overall network security, is a sound best practice you should put in place right away.

The SANS (SysAdmin, Audit, Network, Security) Institute offers a very good set of security guidelines called “Twenty Critical Security Controls for Effective Cyber Defense: Consensus Audit Guidelines”. If you think your security policies are lacking or need updating, this would be a good read.
