Friday, June 08, 2012
The latest generation entering the job market has grown up with a wide array of portable devices available to them, such as laptop computers, smartphones and tablets. In turn, they have progressively integrated many of their daily living activities with the use of this technology, essentially blurring the traditional lines between work time and personal time. As this concept takes hold, a natural workplace progression appears to be occurring, as employees are more frequently requesting to use their personal devices for work applications.
While there are many pros to this arrangement, there are also many security considerations that need to be addressed before adapting a carte blanche approach toward policies governing the use of personal devices in the workplace.
Best Practice Cyber-Security Guidelines
While some companies hire a cyber security expert consultant, typically holding an M.S. in Information Technology and several years of experience in cyber security, many companies simply follow general best practice guidelines regarding policies that regulate the use of personal devices for work-related application.
In smaller and startup companies, establishing and following common-sense procedures is often the first step in establishing a quality cyber security policy. Here are some positive “Do’s” when establishing cyber security protocol:
· Password protect the company Intranet; require employees to password protect their devices.
· Coordinate level of access with employee title and job duties.
· Clearly articulate guidelines and expectations for use of personal devices at work in writing; generally speaking, employees should sign an agreement.
· Be clear about privacy issues (i.e. are all applications subject to monitoring).
· Offer periodic training to keep cyber security at the forefront of employee awareness; establish an open dialogue; be clear about employees’ roles and responsibilities related to cyber security.
· Establish clear protocol for reporting, documenting, and following through on a security breach.
When the company culture underscores the importance of cyber security and involves all team members in an active role toward protecting business assets, team engagement is generally more comprehensive. Fostering an open learning environment where ongoing dialogue related to policy is encouraged, employees become invested in the process of keeping company information safe and secure. The more a company’s employees understand cyber threats, the more empowered they will be to recognize possible breaches in security.
Trust and Team-building in the Workplace
While allowing employees to bring their own devices to work can save money and may increase worker productivity, there are still those that may take advantage of that trust. Companies should test out smart policies that are high in proactivity and light on discipline. However, strict action should always be taken in situations of outright and purposeful policy violation.
Many employees today are accustomed to blending the personal and professional; smart employees want to do their job efficiently and effectively. The vast majority of employees shouldn’t be considered outright threats to cyber security, but they still need the best practice knowledge to recognize and avoid the threats. Creating policies that are comprehensive, but not cumbersome is an essential component of best practice when it comes to promoting cyber security. In general the most common workplace threats fall into the following categories:
· Undetected phishing and/or malware
· Loss/theft of property that was not password protected or data that was not encrypted, such as a lap-top or a USB drive
· Accidental intrusion from sources that, at first, appear legitimate (such as fraudulent, phony virus protection update notification)
· Lack of updated virus protection/firewall protection – updates should install automatically on these devices
While no policy or piece of information can prevent all cyber attacks, creating a corporate culture with clear guidelines, expectations, and shared responsibility can go a long way toward creating a strong and unified team when it comes to protecting sensitive information. Investing in training that brings all team members up to speed and offers the tools to identify and react appropriately toward cyber security threats can create a unified front. Effective training may be a company’s best strategy when it comes to bolstering cyber security, especially as the use of personal devices in the workplace continues to expand as a cost-saving business conception.
This article was contributed by Jonathan Azares, who works for University Alliance and writes about various cyber security topics. He’s currently enrolled in a master’s program in cyber security.
POSTED AT: 10:30:00 AM