It usually starts out as a simple question, “How do I work more securely?” It is a simple question that opens a Pandora’s Box of more questions and a flood of information that could easily overwhelm and confuse even the most veteran IT administrator.
It is a very open question, “How do I work more securely,” yet it is also a question that can be answered on an infrastructure and systems-level or on a personal process and behavior level and can really be broken down into three parts:
1.) Web of IT Technologies
2.) Training and Education
3.) Security Habits
Enterprise IT technology and even SMB IT technology is changing and advancing very quickly, and in order to stay ahead of the very changing nature of the Black Hat cyber threats, it must continue to advance. Businesses are forced to make a lot of technology choices every day/week/month/year, and these choices not only directly affect their security level but also the ability of their employees to work more securely.
CIOs and IT administrators must be careful in selecting IT technology, and make sure that it not only meets threat requirements, but is also easy and intuitive to use as well as usable on all platforms. The biggest key factor in the success of a security technology is that users can easily use it and apply it to their work needs.
The other big issue is how all these security IT technologies relate to one another in creating a security web to catch cyber threats, much like the linking strands of a spider web which are made strong to catch bugs. If one of the technologies is weak, or so complex that it is not used correctly or not used at all then the whole security web is not only weaker, but it is in more jeopardy of a breach.
Recommendation: Choose your IT security technologies carefully to ensure ease of use and connectivity and synergy with your current IT security technologies. This is critical whether you are a two-man operation or a Fortune 500 company. It is also recommended you provide sufficient training for your staff.
There are so many technologies that are involved in the IT infrastructure of today’s SMB and enterprise businesses that understanding the relationship each one has to the other and how to optimize and use them correctly requires a large amount to study, practice and training.
Today’s employees and staff are more technology-savvy than ever before, yet they are also more technology overloaded than ever before so they lack the time and capacity to learn new technologies on their own.
This means that in order to bring a new IT security technology online, the people who will use it need to be educated and trained on how to use it as well as trained on how to apply it to their work requirements and processes. The best way to do this is to have an in-house or contracted technology trainer who specializes in training large groups of people in a quick and efficient way to in order to bring new technologies online quickly.
A skilled IT trainer will be able to learn about a new technology during the evaluation and vendor selection phase – which will then allow them to give feedback to the level of training and implementation difficulty the new technology may present. This is an important and valuable step in the technology selection and purchasing phase. After the technology selection, the IT trainer will be trained by the technology vendor so that they have the ability to train others and work with the IT staff to determine how to apply the technology to the various business processes and work requirements.
A good trainer will be able to create a training program and process that will allow staff to learn, practice, apply and become proficient with the technology in the quickest possible time. Offering a training program is a critical step as it encourages adoption and engagement, and in turn, ensures staff is abiding by the organization’s security protocols.
Recommendation: Having a skilled trainer to train staff on new technologies is the quickest and most cost-effective way to implement a new technology within an organization. Training is critical for all security technology, whether it is for personal or business use. Security technology depends on knowing how to use it correctly in order to provide the highest level of protection.
It is critical to have reliable IT security technology protecting company data, but the successful security of all such technology is dependent not only on having staff who have been trained to use it correctly, but also on the security habits of staff using it in their day-to-day work and personal lives.
Many of the most successful hackings of companies and databases used social engineering to get the key information need to breach the security protecting them. Social engineering is the use of social communication and information to manipulate people into revealing key security information. The most common is fake emails asking for information, phone calls with someone pretending to be from your IT department, or even a co-worker asking for your password.
The issue here is that in business each worker is liable to a certain degree for maintaining and protecting confidential company information and data. To “work securely” not only means working on secure IT technology platforms, but also protecting yourself from hacking and a breach of confidential information whether at work or at home.
In order to work securely and remain secure while working each individual must have good information security habits. These security habits include:
Recommendation: In order to truly “work securely,” one must have and maintain good IT security habits, be correctly trained in IT security technology and use the best security technology available.
If these recommendations for working securely are followed, it becomes much easier for an organization to prevent data breaches, hackings, and other outside threats from stealing their data. These recommendations also encourage employees to do their due diligence in maintaining the organization’s security, making an IT administrator’s job much easier.