Awareness is the first step

Over the years I’ve managed to find several ways to quickly flush away a perfectly good conversation, none quite so efficiently as bringing up Information Security. Just mentioning the phrase “Information Security” spawns looks of boredom, confusion and fear. While upsetting, these reactions aren’t completely unjustified. Movies, T.V. shows, and the nightly news portray highly skilled computer criminals lurking around every corner. In reality, though, attacks are normally automated, targeting known vulnerabilities and human behaviors.

If employers, software manufacturers, and vendors would take proactive steps to reasonably communicate security concerns and best practices, everyone would benefit. Companies hold awareness sessions to discuss topics like sexual harassment, diversity, and work-life balance. Why not also utilize simple Information Security Awareness tactics to mitigate the most common attacks? Still, more often than not, Information Security is considered too difficult to communicate to staff and is thus delegated to IT professionals or consultants. IT staff become frustrated with simple user mistakes and turn to an overly restrictive asset lockdown rather than balancing security with business needs and staff education. Employees frustrated with restrictive security practices inevitably find ways to circumvent them, creating a whole new realm of unknown issues.

Overall, Information Security Awareness is the only way to implement and maintain true usable security. Security can’t be a dictate forced upon the employees; it must be explained, discussed and reviewed to ensure all parties understand the risks and rewards associated with Information Systems. Everyone, not just IT staff, is responsible and should be held accountable for ensuring proper Information Security. Imagine the benefits and cost-savings tied to a workforce made aware of common Information Security vulnerabilities combined with documented security best practices. Microsoft offers a very complete kit to help businesses understand and create an Information Security Awareness program. Download and review the kit.

What could a single security awareness meeting per quarter or an entry in your company newsletter save you in security costs? What productivity gains might you see if users could utilize technology as intended rather than locking out audio, video and interaction? What other issues might you head off from a legal or HR standpoint? There is no doubt that Information Security is a huge part of utilizing technology. What are you doing to ensure you and your employees are aware of threats and solutions?
