You are the head of your organization and you have spent a lot of money to ensure that all of your computers, servers and software are up to date. You have an enterprise-grade firewall, redundant internet connections, antivirus on all machines and proper backups in place for disaster recovery. You’ve done everything you can from an infrastructure standpoint to ensure your network and data are secure. Then one employee wipes it all out.
Having all of the necessary hardware, software and even processes in place can’t make up for a poorly trained employee or, worse, an employee who is intentionally harmful and a data threat to the company.
No Train, Lots of Pain
User error happens and you can’t control that, but you can limit how big that error will be and how much it can affect your business.
You must ensure your employees are trained properly on all of the processes within the business. If they delete a file in error, make sure they understand who to contact to assist in retrieving it.
How to Work Remotely but Securely
If they need to work on a file from home, do not allow the data to leave on a mobile USB stick. These can be lost or stolen, and the data on them is then vulnerable to being accessed. We’ve seen this with a number of government agencies in recent years, causing taxpayers to have to monitor their credit information for the foreseeable future.
Set up proper VPN access and allow your employee to access the file from their home computer with a secure connection to the network. By doing this the file never leaves the company’s hands but can still be worked on remotely.
And if the employee must take data on a portable device, ensure that device is secured with a password.
Go over your policies regularly and ensure that your staff understand them. Don’t just show them a document one time and hope they remember how to operate; remind them. Again and again.
User error happens. Put processes in place to limit the risk.
There are many times that you will have documents or files that are confidential. Maybe they are HR related, or perhaps your client has information that can only be accessed by specific people. In these cases, make sure you have rules in place that limit access to those files to only the people who should see them.
Your IT provider can easily set up rules or groups on your network, based on your needs, that will ensure only the right people have access to the right documents.
What if one of these documents were altered in error by a staff member and you had no way of knowing? Limiting access to files limits risk.
Plug the Port
If you want to ensure that no data is leaving on a USB stick or any other mobile device, and you want to be sure that no one is loading anything harmful onto your network, have your IT provider ensure that all USB ports on computers in your network are disabled.
This is a process followed by many large corporations, like banks, to keep their clients’ information safe in their own network.
And finally, create the right culture. If you don’t act like your data is that important, then neither will your staff.