Five Common Mistakes In Your IT Security Policy

Five Common Mistakes In Your IT Security Policy

posted in Product ● 3 Apr 2014

Every business needs an IT security policy. A document that contains the whys and wherefores of security in your IT department. Given the relatively permanent nature once such a document has been approved in the corporate environment, it bodes well to pay some special attention to common mistakes regarding the security aspect of it. 

1.   Using free software to store important documents 

There are some pitfalls when it comes to using free data storage. These are typically provided in the cloud. Because of this, files have a tendency of not sticking around in the place where you left them. Tracking documents and managing access rights is very restricted on these platforms. When you can’t track documents in this way, you won’t know who accessed, who edited them, what the changes were, or worse, where they were transported to.

The following factors will help you determine free document storage in your IT security:

  • Confidentiality/secrecy types
  • International jurisdictional requirements
  • Permanence/longevity of a document
  • Roles and responsibilities of users interfacing with a document or file 

2.   Having no real BYOD policy, and not enforcing it 

“Healthy growth in smartphone and media tablet shipments over the next five years will enable a much higher level of IT consumerization than is currently possible,” says Chae-Gi Lee, research director at Gartner. “Enterprises should recognize this and look to ‘mobile enable’ their IT infrastructure for employees to meet the growing demand for mobile device use in the enterprise IT environment.”
This means that BYOD is here to stay. In fact, consumerization will be the cause of nearly half of BRIC countries (Brazil, Russia, India, and Chin) providing technical support to these devices. How will your business handle IT security with the influx of employee’s mobile devices being used for day-to-day activities? 

3.   No plan for network-wide upgrades 

Companies like Oracle and Microsoft recommend having a checklist for whenever upgrading computer systems network-wide. The tedium of this notwithstanding, the values lies in the precautionary steps taken to secure data residing on these networked systems. Steps like “Check log for errors”, “Back up important data”, “Verify software compatibility”, will all help prevent a failure that could leave an upgraded machine dead in the water. 

4.   Not tracking what employees are doing 

This kind of tracking rather refers to knowing what employees are doing and limiting unauthorised access. Restricting accidental negligence as well as opportunistic attempts of fraud and sabotage is the focus of your IT security policy.
But beware of pulling the proverbial leash too tightly. A poll shows that 81 per cent of employees value creativity in the workplace yet only a third of employees seem to respect it. This can leave employees feeling unmotivated affecting productivity in the long run. Be sure to find a balance in your IT security when it comes to enforcing the rules. 

5.   Risky internet usage 

Internet security is your first line of defence against a malware infection. Browser protection is key when it comes to company-wide internet access. Typical things to look out for are safer passwords and blocking relevant websites. This will leave work-related functions unstifled by red-tape while protecting user’s accounts from being penetrated through vulnerable or malicious websites. 

Take care

Take care when developing an IT security policy. Remember that, should it not suit the needs of your business, it should be adjusted to allow for maximum productivity while maintaining a sense of order and control over the ever-increasing list of threats to your business’ IT systems.

Rise in laptop sales leads to data protection worries

Reading, 6 April 2020 – An unwelcome repercussion of employees snapping up laptops for home working ahead of the coronavirus lockdown has been an even bigger spike in cyber-criminal activity.

Continue reading

O365 cyber attacks stress need for isolated backup

Johannesburg, 17 December 2019 – Office 365 is a prime target for cyber criminals – and it’s not difficult to understand why when Microsoft announced this year that it has more than 180m active commercial users every month.

Continue reading

Game-changing pricing for O365 protection

Johannesburg, 24 October 2019 – Redstor, the company disrupting the world of data management, will demonstrate at the Gartner IT Symposium/Xpo™ in Barcelona how a pioneering technology developed in South Africa slashes the cost of Office 365 protection.

Continue reading