What Keeps a Company Secure?
With over ten years of IT experience, you tend to pick up a few things. You become a witness to the cyclical behaviors of companies and learn what to do, what not to do, what works, and what does not. Many organizations focus on productivity, efficiency, and expansion, but lately the focus has shifted to security: organizations want to protect assets and investments. Often, companies introduce the latest and greatest technologies and gadgets into their organization with the expectation that the new tools will enhance security.
Yes, cool tools can be helpful for securing a company, but have you considered what really keeps a company secure? It’s the people! From the owners to the employees, they all have a significant role in security, and security promotes all of the aforementioned company goals. Without it, detriment to the organization is certain. New technologies and gadgets are great, but without the knowledge to correctly implement these products, security risks are inevitable.
Three key factors are needed to promote a secure culture in an organization: Communication, training, and adaptability.
3 Key Factors to Promote a Secure Culture
- Communication was best described by Management Study Guide which states, “Communication is a source of information to the organizational members for decision-making process as it helps identifying and assessing alternative course of actions”. Therefore, having an outlined organizational structure and empowering employees with said knowledge will streamline reporting of security incidents, security concerns, and assist leaders with engaging the correct resources to resolve detected security issues.
2. EASE OF USE
Training is a twofold process:
1. Awareness - Social Engineering
- Train the employees on social engineering attacks – phishing and phone call lures. Informing employees about the dos and don’ts along with providing realistic examples of ways to avoid providing sensitive and confidential information about the organization is important for security breach prevention. Trend Micro supports this way of thinking suggesting that “educating employees on easy tricks to remember when interacting with links in email messages can drastically improve an organization’s cybersecurity posture.”
2. Train Employees on New Technology
- Most organizations are always implementing changes whether it is a new operating system, Internet Browser, or cell phone carrier. What sense does it make to purchase a tool that no one knows how to use? The tool may be more hurtful than helpful if it isn’t implemented properly. Ensure that the employee responsible for these new tools have enough depth to ensure that all security countermeasures that can be applied are implemented properly. Invest in your people; it will pay off in the long run.
- Let’s not forget continuous turnover or growth that causes new employment, employees retiring, and even promotions throughout the company. Having security standards and processes for things like in and out processing of employees is imperative. Other examples include knowing what to do with a computer when an employee leaves the organization or changing employees’ access to server resources, or removing and/or minimizing access to certain areas within buildings. Quick turnaround time is vital to prevent unwarranted access to employees.
And there you have it, three methods to promote a secure organizational culture. The takeaway from all of this is security begins and ends with people. People must be vigilant by obtaining knowledge via open lines of communication; the organization must employ processes to follow and invest in their people by providing the necessary training; and let’s not forget, being adaptable in today’s society is a must, so all individuals within the company must be willing to evolve.
Change is expected, but how change is applied is up to the organization which in turn will impact the success or failure of its security culture. Ask yourself, “Are you willing to do what it takes for your organization to remain secure: Communicate, train and adapt?”
Sr. IT Consultant | AfidenceIT