Cisco? today announced findings from a new global security study that spotlights numerous risks taken by employees that can lead to one of the most
It’s a very interesting study because it illustrates various gaps between IT policy and user beliefs/actions. The survey focuses in on differences between user perception and IT management perception of security risk. They also examined the differences between cultures. What they discovered was that many users have blurred the lines between work and personal computer usage, especially where email, IM, and social networking is concerned. It may be that users do these things with the best of intentions, or at least not malicious intentions, but these actions may still result in increased security risks for corporate data.
Here’s the thing, everyone wants to do their job and most of us can’t get the whole job done in the office. So some workers email files to themselves, save files on unprotected storage somewhere out on the Internet, or copy files to an unencrypted USB memory key. Maybe a worker takes a laptop home and lets his kid use it to browse the web. Most of the time nothing bad happens, but sometimes a USB key gets lost or storage gets hacked, and now your corporate data is gone. Or someone exposes their PC and then your network and servers to malware.
So what can you do? I’ve been saying for years now that we need to create an environment of security within our businesses. In the words of Christopher Burgess, Senior Security Advisor for Cisco, “Every organization needs to define an individual’s responsibility for security. We need to establish a culture of security.” Everyone in your business needs to understand that data is worth something. As a business owner or an IT manager, educate users to understand that they can have the freedom they need to do their work within the boundaries that you set in order to protect them.
Ask users to imagine that each piece of corporate data with which they are entrusted is their own identity or credit card information. Would you be as carefree with your own information as you are with someone else’s? I think we all know the answer to that is most definitely not. Take precautions to protect data and keep it safe. Help your coworkers protect the data they work with. Create a safe computing environment and continuously educate users in order to maintain it.