By Kevin Beaver
You probably don’t realize it, but your role as a business leader is a lot like managing an adult day care center. Your employees are your worst enemy, and it’s merely a matter of time before someone does something to place sensitive information at risk.
Curious, malicious or otherwise careless users can create all sorts of information security-related issues in your business, including:
- Exposed intellectual property, which can negate much of the time, money and effort you’ve put into the legal side of protecting your business assets;
- Compromised personally identifiable information that can lead to compliance violations and subsequent legal problems;
- Accessing illicit websites that can create HR-related challenges such as sexual harassment that you might not be ready to take on; and
- Malware infections that can install keystroke logging software on your computers or allow your systems to be accessed and controlled from foreign states and hackers looking to attack other business and government systems.
Your entire computer environment is literally one click or one careless choice away from compromise. Don’t write this off as an IT problem — it’s not.
One of today’s biggest business dangers is when executives pretend that IT-related issues don’t affect their business.
These issues affect every business. Information risks can be tied directly to your business’ bottom line. Trusting your employees and assuming that you have nothing of value on your network that the bad guys would want is not enough.
If overseeing all of this proves too much for yourself or others in your business, it’s probably time to hire an IT manager or security administrator with the skills to tackle the job. Here are four steps you can get started with right now to keep your computer systems in check:
- Determine what information is where (hint: it’s everywhere across your network), and what your employees are doing on their computers (hint: they’re doing more than you think).
- Understand how unprotected information and your employees’ choices are putting your business at risk.
- Do something to minimize your risks with technology, like documenting policies and employee training that underscores why sensitive information need to be protected.
- Refine and repeat over time.
Odds are that your computer network is as simple now as it’ll ever be. Network complexity breeds more uncertainty, which translates into unnecessary risks you don’t need to have. Make the decision today to set your users and your business up for success by giving information security the attention it deserves.
Kevin Beaver is an independent information security consultant, expert witness and professional speaker with Atlanta-based Principle Logic. He has authored/co-authored 11 books on information security, including the bestselling Hacking For Dummies. In addition, he’s the creator of the Security On Wheels audio books and blog providing security learning for IT professionals on the go. Kevin can be reached at www.principlelogic.com, and you can follow him on Twitter at @kevinbeaver.
Originally published: Sep 20, 2011