It’s official: end users are the weakest link in the IT security chain. You can set up a firewall, encryption, anti-virus software, and password protection up to your ears, but it won’t save you from the employee who posts his access information to a public web site.
Most security breaches, viruses, spyware, and other network problems are a result of human error—an end user unknowingly downloading an infected file, e-mailing confidential information, or disabling their anti-virus, to name a few.
So what is a company to do? While there is no surefire way to keep end users from making mistakes, you can dramatically reduce the number of problems by creating an acceptable use policy (AUP) and training your employees on what is and what is NOT acceptable behavior.
But if you want your employees to actually adhere to your security policies, here are a few tips:
- Keep it simple. A long, confusing policy that looks like a legal document is about as easy to read as the instruction manual for your digital camera. Make the policies clear and easy to read. Give examples and include screenshots where necessary.
- Provide group training. Many companies make the mistake of distributing their AUP by e-mail and telling employees they must read it on their own. This gives the employees the option of NOT reading it and simply signing and submitting. You don’t need hours of classroom training, but a simple 15- or 20-minute session will force even the most reluctant users to learn a thing or two.
- Keep employees updated. To add to the above tip, make sure you update employees on a regular basis to keep the policies fresh in their minds and to educate them about new threats.
- Explain the consequences of not following the policy. This means explaining both the negative effects on the business and the disciplinary actions that will be taken if they refuse to follow policy. Occasional violators should be warned, and habitual violators should be disciplined.
- Monitor their behavior. The best policy in the world won’t work if it’s not enforced. There are many tools on the market that can do this for you automatically.
If you have questions related to this topic or IT issues in general, please feel free to contact us using the information provided below:
Telephone: (408) 400-0232