Tesco Stores has obtained a unified, guaranteed IP VPN service for its retail chain stores throughout the entire Central and Eastern European region.CLICK HERE
Secrets of cyber security: Information security in your company
The modern employee enjoys an almost unlimited, 24/7 access to key information stored in the corporate systems of his/her employer. Applying appropriate rules will prevent your company from the related risks.
Facilities that enable every employee to use business applications at any time promote higher productivity, but also leave room for abuse. However, excessive limitations to the use of IT solutions reduce employee productivity.
All these implications make the modern manager face a difficult dilemma: how to secure corporate systems and how much autonomy should employees have?
You have to decide on your own, but while doing it, stick to some basic rules.
There is no trust without control
Even the smallest company should operate a monitoring system to supervise the actions of corporate system users. Trusting your employees completely does not release you from legal liability for cybercrimes committed by them, whether on purpose or involuntarily. Without an appropriate system, your company is exposed to a huge risk and has no possibility to analyze the effectiveness of its IT solutions. A study conducted by PwC shows that it is the current or former employees who are responsible for as much as 70% of all cybersecurity abuse cases. Note that at least part of them happen completely involuntarily, which should encourage companies to add another “fuse” to their system.
Monitor the behaviors of all employees
One of the most common mistakes made at the development stage of security systems is partial or even total exclusion of top level employees from control. Yet due to their mobility, ability to work at different hours, logging in to the network outside of the office, they are most vulnerable to attacks by cybercriminals. Because of the access rights to key systems, involuntarily or purposefully breaching security rules by top level managers may be the most harmful to the company. Not to mention the fact that managers are not free from personal flaws. What is more, they are particularly exposed to various temptations that may lead, for example, to blackmail.
Include all devices used by the employees in the control system
Efficient employee monitoring system must include all staff members and all devices used by them at work. The development of internet and mobile technologies has enabled users to perform their duties with the help of various devices featuring different security solutions. Without supervising the mode of access to corporate applications, even the most advanced security system will remain vulnerable. This particularly applies to employees who work out of the office. VPN networks are one of the most popular ways of securing employees, allowing them to connect only with the use of company equipment featuring a full set of security solutions and upon entering a correct password. If for any reasons the employee does not have company equipment at hand, he/she can use the so-called virtual desktop that is separated from the company's system environment.
Even the most robust control system needs training support
Almost every new employee must go through a series of more or less formal training sessions, including those on IT security. In most of the companies this is the only time when employees come across this subject matter. And it is a big mistake! Employee knowledge on cybersecurity should be constantly supplemented and updated. It should include not only the safety procedures, but also the ways of handling relations with third parties.These, in turn, should contain instructions related to the control of access to company facilities, participation in public meetings or publishing information about the company on the internet.Such routine trainings help to maintain an appropriate level of security, but at the same time also bring measurable savings. According to a study conducted by PwC, regular employee training in the field of cybersecurity reduces IT security costs by 76%.
Even the most robust system is as effective as its weakest link. When it comes to cybersecurity, it is the IT system users that are its weakest element. Therefore, no matter the organization model or culture, all employees should be constantly controlled and supervised by means of a continuously updated system.