Ask yourself and your friends about what makes them unhappy with their computers and Internet access at work and chances are you’ll hear the same thing over and over: Security. IT security issues demand limitations on accessible software and services to minimize the chance of network compromise. Is there a better way to increase overall IT satisfaction while staying secure?
The Employee Issue
As noted by Fortune, employees remain the “weakest link” in IT security. Some refuse to change their passwords while others access unauthorized cloud services to speed project completion. Opening malware-infected email attachments also remains a huge problem. In fact, employee issues have become so pervasive that malware strains like “EduCrypt” have emerged: Based on the Hidden Tear ransomware, this infection locks down just 41 file types, tells users they’ve been hacked and then provides instructions on how to decrypt the locked data. Bottom line? End-users unwittingly hamper their own efficacy and are often a massive headache for security pros.
So how do companies address IT security issues? It starts with big picture items like BYOD, shadow IT, phishing emails and password security. When it comes to BYOD, for example, it’s a good idea to establish rules of conduct for employee-owned devices on the corporate network and to require remote-wiping software in case a phone is stolen or hacked. Shadow IT can be minimized by giving employees a chance to voice their opinion about which services benefit their bottom line, while regular training and testing limit the efficacy of phishing scams. Last but not least? Take a hard line on passwords: Mandate 8+ characters with no repeated numbers or letters and require regular revisions to ensure compliance.
It’s also a good idea to adopt some kind of 2-factor authentication, which requires employees to provide both a password and a one-time code sent to a mobile device. Search giant Google, for example, now offers what it calls “2-step verification” for all accounts; even encouraging this effort can greatly improve your security landscape.
The problem? Going big gets you a “satisfactory” on the IT security scorecard but chances are execs and employees still aren’t happy. Here’s why: The methods described above rely on employee action to guarantee success — but staff members aren’t IT experts. On the flip side, you don’t have enough security professionals to seek out device problems one by one and eliminate all potential holes.
The solution? Get small with end-user security analytics. Instead of asking employees to change their password or report on specific security issues, real-time security monitoring tools let you instantly detect abnormal behaviors, verify suspicions about shadow IT and never lose sight of any device on your network. This kind of granular knowledge is power: If you’re in the know about what’s being accessed, when and how, you’ve got the power to prevent most compromises and limit the impact of any that breach the network.
Security is a never-ending effort for IT staff and employees alike: Improve the mood by taking big steps to solve obvious problems and going small to uncover more insidious issues.