Employee action, also known as human error, is to blame for at least 52% of data breaches and hacking events in the United States.
Secure IT systems are critically important, but what is your company doing to combat the number 1 cause of costly IT system breaches?
Fortunately, there is a quick, easy, and inexpensive way to eliminate the vast majority of this type of breach. This tool, in a matter of minutes, can take a group of technological illiterates and turn them into an IT security force that would be the envy of any army. If implemented properly, this tool will train every employee in your organization who touches a computer to recognize and react to breach attempts properly. It will also ensure that if suspicious activity does occur, it is reported to the proper authority, who can react to it quickly and minimize damage.
So, one might ask, what is this miracle tool?
Is it a multi-thousand dollar software package that takes a team of technicians to implement?
Is it a several hundred dollars per hour consulting contract that raises your systems to top secret, intelligence agency levels of security?
No… it’s neither of these. In fact, it’s a document. It’s called an Employee Acceptable Use Policy for IT Systems.
If your company doesn’t have an Acceptable Use Policy, you can’t very well expect your employees to act properly in the face of the myriad of technology threats they face, because you haven’t provided them with the information they need to do so. Even if your company does have a policy, chances are it was written only to protect the company from its employees using systems for illegal or immoral purposes. When was the last time it was reviewed to determine if it trains employees about what a phishing attempt is and how to react to it? When was the last time your employees were required to read it in order to refresh their memories on what threats are out there and what to do about them?
In addition to directing employees regarding what is and is not permitted on your company’s IT resources, this document should serve as a training document that teaches employees about all the different types of threats they might encounter, what they look like, and what to do if they are encountered. It should also be updated regularly, and a policy should be put in place whereby employees are required to re-read it regularly, at least every 6 months, and document that they did so. This can be done as easily as an e-mail sent from a manager asking employees to read the policy and a return e-mail from each employee after they have done so.
If your organization needs help formulating a strong, useful Acceptable Use Policy, that is one of the services we offer. In the case of our Premium MD-Care clients, it is one of the standards that we implement as soon as possible after engaging with the client. But anything is better than nothing. If you don’t currently have a policy, download something from the Internet, customize it as best you can, and direct your employees to read it. You never know, that little action just might save your company from going out of business due to a catastrophic data breach.
Written by: David Daichendt, COO