Site icon IT World Canada

Two projects to improve IT security without using software

data security,privacy,security

Image courtesy of Shutterstock.com

Imagine if an invisible thief could break into your home and start stealing your possessions. That’s one of the threats posed by inadequate IT security. The pain and loss of poor IT security practices cost a great deal.

Let’s illustrate the scale of the IT security challenge:

Clearly, IT security failure are expensive. For many in the technology community, the default reaction is to invest in security software and hardware. Better security technology is absolutely vital. Technology is part of the IT security puzzle. Training staff on IT security best practices is arguably even more important to securing your organizations’ information assets.

The following projects are excellent ways to reinforce IT security. Best of all, they require little to no money to implement. To experienced security professionals, these may seem like basic ideas. However, I challenge you to ask yourself: is my organization successfully implementing these ideas?

IT Security Project 1: Organize a security briefing For your department

Knowing is half the battle. To improve IT security, employees need to understand the fundamentals of security. Here are some starting points for an introductory security briefing:

IT Security Project 2: Implement a system access review

How many different applications, systems and IT resources does your company have? Staff at small organizations typically have more than half a dozen logins to manage. Follow these steps to improve your risk management relating to system access:

1) Create A System Access List.

The first step is to ask each employee to list the applications, systems and other resources that require a login. Also ask them to list the reason they use a given resource (e.g. Finance System. Use: Prepare quarterly financial statements for management).

2) Identify Access Rights For Elimination.

Over time, job responsibilities shift and evolve. Use this step to ensure that your IT security keeps pace. Using the system access list created in step one, evaluate whether there are system rights that can be eliminated. For example, if a sales representative resigns from the organization, it is important to eliminate their system access rights as a proactive way to prevent information loss.

3) Schedule An Annual Review.

To maintain IT security, I recommend an annual review of system access rights and privileges. Large firms may already have this requirement in their policies. Ask yourself about the last time you implemented a review. If you skip this step, your IT security will gradually deteriorate.

My question to you is: What is one critical behaviour that improves your organization’s IT security?

Exit mobile version