It happens in a variety of ways.
A conscientious employee has trouble remembering her password. So she keeps it on a post-it note located under her keyboard.
The marketing manager, who’s been with the company for more than a decade, has new ideas to bring in more clients. But he can’t do his job effectively with the old systems in place. The new app he found works perfectly; he has his entire sales team download it and use it every day.
Even the executive team isn’t immune. They listen to the message IT brings to the table. They issue letters and emails with their names at the bottom. But consequences for when the worst happens rarely materialize.
IT managers today have a difficult job. On one hand, they offer flexibility to ensure business gets done. On the other, they must create an environment that not only prevents existing threats but also anticipates future ones. They know threats are very real. They also know where the biggest problems exist:
- Vulnerable applications are used every day, in every department
- Security patches are often out of date or not downloaded at all
- Encryption isn’t used in appropriate places
- Passwords are weak and vulnerable
- Employees simply aren’t aware of the threats around them
Yes, even though the news is filled with stories about hackers infiltrating company systems and wreaking havoc throughout, a company’s largest threat continues to be from within. And there is only one way to decrease the risk: enforce stricter policies from bottom to top.
Employees Are The Weakest Link
People never intend to jeopardize their company’s security. People are simply creatures of habit and want to do their jobs the easiest way possible. They don’t want to forget passwords, so they stick with the familiar and store them in easy-to-find places. They ignore emails and updates about threats and risks, especially when they don’t understand the steps they’ll have to take.
Mid-Level Managers Focus On Results
Mid-level managers have jobs to perform and quotas to meet. They have to produce quality work on time and on budget every day. And if a new program or app makes that job easier, so be it. It can be frustrating to wait for IT to give their approval. And if their teams are using their own smartphones or tablets anyway, why should they worry about getting approval before downloading and using it? Shadow IT is a real problem and can open up unlimited vulnerabilities with a company’s data. It may take an uncompromising stance to stop shadow IT in its tracks, but it’s the best way to keep information safe.
C-Level Managers Must Set The Tone
C-level management hires a team for their experience and expertise. And when push comes to shove, they must support everything that team does. For IT security to be effective, a company’s policies must be outlined and defined. When rules are broken, consequences must be faced. That means C-level must be behind it, support it, and enforce it.
For IT to be effective, it takes the entire team. From development to enforcement, it requires positive action to not only get the job done, but to do so securely. There are no exceptions. If you let your guard down even one time, that’s all a hacker needs.