11 Jul Ensure a Secure and Positive Employee Data Use Policy
Whether your company is large or small, every employee can play a role in protecting the organizational network and company data. The trick is to adopt and implement a clear, respectful security protocol that promotes employee buy-in from start date to end date.
Why now? Where company networks are concerned, most organizations have nothing to fear from their past or present employees. However, the U.S. Department of Homeland Security recently issued a public service announcement that pointed to a rise in insider threat — indicating, if nothing else, a general need for proactive, positive, employee IT security protocol.
How can you ensure your network security strategy protects your organization without jeopardizing morale? Here are a few top ways to prioritize network and data safety as part of a mutually respectful policy.
1. Make network protection an enterprise-wide issue: The number-one best practice is to undertake an enterprise-wide risk assessment, according to the The Insider Threat Blog at Carnegie Mellon University. The assessment team should include HR, financial, legal, and IT to develop responsive and preventive procedures. With this interdepartmental collaboration, you can create a policy that is the most effective and positive for your unique corporate culture.
2. Engage employees in keeping your network and data secure. When you roll out new security protocols and technologies, take a page from the change management playbook and enlist employees in seeing how the new procedures will benefit their work. Most will respond favorably to being part of an organization that takes pride in ensuring confidence in its IT practices, and communication about security protocol may discourage potential internal wrongdoers.
3. Invest in forward-thinking security software. Virtual desktop infrastructure (VDI) can help, although this desktop approach isn’t a good fit for every organization. Another option is to extend security with new programs such as Citrix’s PrivateEye. This facial recognition software automatically blurs the computer window display when the user becomes inactive, and can even detect someone is looking over the user’s shoulder. Such programs can give users confidence that their information isn’t easily viewed, and therefore improve their productivity.
4. Implement strong security access protocol. If a user doesn’t need daily access to a particular application or database, then consider terminating their access.
5. Provide a rock-solid employee exit policy for information security. Create standard procedures for exiting employees. Best practices include not only terminating access credentials, but also wiping or decommissioning data and applications from the former employee’s personal devices. The faster and simpler, the better. The goal is a good clean handshake for all.
With some high-level organizational thinking, you can keep your employees on board with network security throughout every step of their journey with your company.