
Are You Sure Your Company’s Information Assets Are Safe?

Many employees are aware of the larger security issues, such as locking office doors when they leave, but neglect the areas of potential loss which could have a far greater long-term impact on the company – such as the information stored on their computers.

Employers need to make sure that their staff receives security awareness training to prevent breaches of confidentiality and the subsequent damage this could cause. Staff members generally are more careful with hard copies and ensuring the security of filing cabinets and access thereto. Unfortunately, many employees forget about the digital data they leave vulnerable to theft and disclosure.

Training should therefore be kept simple, basic and straightforward, and include security of information. The security procedures should be outlined, and checklists for compliance by employees should be included with annual staff evaluation scores. Management and supervisors need to check that policies are implemented to the letter. Security “rules” could be pasted on office doors to remind employees of the security code they have signed. Messages like “Have you switched your PC off?” on the exit doors of the building should ensure that forgetful or non-compliant staff return to their workstations.

Employees could sign a monthly report or questionnaire designed to keep security issues at the forefront of their minds. The questionnaire should be filed in their personal files and include questions such as “Have you changed your password this month?” This one-on-one meeting with their supervisors provides a good opportunity to remind employees of their responsibility regarding security within the company.

Employees can be instructed to take back-ups of their information and run virus scans, perhaps every Friday, and to report any virus alerts from anti-virus software or spyware immediately to their supervisors. Any changes to the company security policy should be in writing, and employees should sign the same, indicating that they have received, read and understood its contents.

Management’s expectations must always be clear, and the consequences for contravening policy must be outlined. The reasons for each procedure should also be clear to staff. Supervisors can work with their subordinates and brainstorm case scenarios, for example, as to what would happen if the company’s accounting system crashed. Staff could be involved in finding ways to avoid or prevent such disasters from occurring. Staff members who have been involved in policy formation generally own and support the policy more than they would if it were simply enforced by top management.

It is important, in line with security awareness training, that key staff members have an understudy or assistant that they train. It is never a good idea to rely on one skilled employee to cover security issues; for example, the management of malware avoidance. If you lose the expert, there will not be anybody to immediately take his/her place.

It is a fatal management error to assume that everybody should be aware of security risks and threats. That assumption could cause management to fail to ensure that security procedures are included in the staff code of conduct. This would result in staff declaring ignorance of procedures in their defense.

By: Information Security

Article Directory: http://www.articledashboard.com

Information Security s leading hands-on approach to training as well some of the most hardcore penetration testing certifications around for security awareness training.
