Five Common Mistakes In Your IT Security Policy
Every business needs an IT security policy. A document that contains the whys and wherefores of security in your IT department. Given the relatively permanent nature once such a document has been approved in the corporate environment, it bodes well to pay some special attention to common mistakes regarding the security aspect of it.
1. Using free software to store important documents
There are some pitfalls when it comes to using free data storage. These are typically provided in the cloud. Because of this, files have a tendency of not sticking around in the place where you left them. Tracking documents and managing access rights is very restricted on these platforms. When you can’t track documents in this way, you won’t know who accessed, who edited them, what the changes were, or worse, where they were transported to.
The following factors will help you determine free document storage in your IT security:
- Confidentiality/secrecy types
- International jurisdictional requirements
- Permanence/longevity of a document
- Roles and responsibilities of users interfacing with a document or file
2. Having no real BYOD policy, and not enforcing it
"Healthy growth in smartphone and media tablet shipments over the next five years will enable a much higher level of IT consumerization than is currently possible," says Chae-Gi Lee, research director at Gartner. "Enterprises should recognize this and look to 'mobile enable' their IT infrastructure for employees to meet the growing demand for mobile device use in the enterprise IT environment."
This means that BYOD is here to stay. In fact, consumerization will be the cause of nearly half of BRIC countries (Brazil, Russia, India, and Chin) providing technical support to these devices. How will your business handle IT security with the influx of employee’s mobile devices being used for day-to-day activities?
3. No plan for network-wide upgrades
Companies like Oracle and Microsoft recommend having a checklist for whenever upgrading computer systems network-wide. The tedium of this notwithstanding, the values lies in the precautionary steps taken to secure data residing on these networked systems. Steps like “Check log for errors”, “Back up important data”, “Verify software compatibility”, will all help prevent a failure that could leave an upgraded machine dead in the water.
4. Not tracking what employees are doing
This kind of tracking rather refers to knowing what employees are doing and limiting unauthorised access. Restricting accidental negligence as well as opportunistic attempts of fraud and sabotage is the focus of your IT security policy.
But beware of pulling the proverbial leash too tightly. A Time.com poll shows that 81 per cent of employees value creativity in the workplace yet only a third of employees seem to respect it. This can leave employees feeling unmotivated affecting productivity in the long run. Be sure to find a balance in your IT security when it comes to enforcing the rules.
5. Risky internet usage
Internet security is your first line of defence against a malware infection. Browser protection is key when it comes to company-wide internet access. Typical things to look out for are safer passwords and blocking relevant websites. This will leave work-related functions unstifled by red-tape while protecting user’s accounts from being penetrated through vulnerable or malicious websites.
Take care when developing an IT security policy. Remember that, should it not suit the needs of your business, it should be adjusted to allow for maximum productivity while maintaining a sense of order and control over the ever-increasing list of threats to your business’ IT systems.