
NOBODY IS TAKING YOUR SECURITY POLICY SERIOUSLY

10-05-2017

So, you’ve got a new security policy in place. Maybe you read the Industry Update security features and took their advice, or maybe your IT team insisted you make sure your business was secure.

Either way, you’ve got a brand new set of rules for your business to follow, and you don’t have to worry about losing data, getting ransomware, or having information stolen. Right?

Wrong, unfortunately. Despite all your hard work, you still haven’t removed the #1 cause of technological errors and security breaches: your employees.

To be fair, firing all your employees because you’re worried about tech security is a slight overreaction. But the fact remains that no matter how comprehensive your new policies are, employees will always find a way around the rules if they are inconvenient enough.

If your security rules are making it harder, more time-consuming, or more boring to get a job done, you can guarantee that the offending steps are going to be skipped at least once a week. It won’t be malicious, and likely the employee won’t think twice about what they’re doing. Doubtless it will seem perfectly reasonable from their point of view.

How do we get around this problem? The immediate reaction is to add more rules, more checks, and make it harder for employees to skip any part of the security checks. This, however, can cost more (in terms of time and morale) than it saves, and it’s not even guaranteed to close all the loopholes. What to do?

1: Clarity

This may seem obvious, but your employees need to know what the rules are. They need to know, quickly and easily, what websites are okay to use, what devices are okay to connect, and what to do with removable storage devices. Make sure your rules are simple, clear, and easy to find.

2: Enforcing

While over-zealously policing every tiny rule infraction will hurt morale, making sure that employees don’t do what they’re really not supposed to is important. If a website is not to be visited at work, ensure it’s blocked properly. If personal devices aren’t supposed to be connected to work computers, take action when anybody connects one, no matter who they are or how long it’s connected.

3: Accommodate

Listen to the needs of your employees and adapt your rules. They need to do their jobs, and if your rules are blocking functions of their jobs, they’ll find a way around them that most likely won’t be secure. If they’re saying “we need to do X”, then find a way to make it happen.

4: Explain

Your employees also need to know why they’re following a certain set of rules. From their point of view, it might all seem irritating, obscure, and completely unhelpful, but the rules have a purpose. Make sure that the reasons for each of your rules are clearly explained, and if you can, provide plausible examples of issues that occur when the rules are not followed.

5: Adapt

There are going to be breaches, mistakes, or deliberate avoidance of the rules. It’s going to happen, so the only sensible thing to do is plan for these occasions. Any robust security plan is prepared to deal with inevitable user-end errors and security flaws.

We cannot, unfortunately, expect perfect security. But with time, and practice, we can come fairly close.
