Your Organization’s IT Security Policy… Then Reality Happens

I was on the phone the other day with a member of the education community asking – at large – “what are our steps to ‘becoming secure’?” All of a sudden, panic struck me. Did I lock my front door? Does my Gmail password contain a child, pet or street name? Do I use the same 4-digit PIN on my iPhone as I do on my MasterCard? That’s where my head’s at – and I’m just one person.

Imagine being a CIO, CISO or Director of Information Technology of any size corporation in Canada during a data breach. The lawyers and financial experts get to deal with PCI Compliance fines ranging from $5000 to $500,000. The marketing team is tasked with a plan to repair brand damage, among other infuriating headaches. Human Resources must endure an extended period of lost trust between employee and employer. And you’re the one in charge. You are the CIO, the CISO, the IT Manager, or the Team Lead who is depended on and charged with answering: ‘what does it take to become secure?’

Companies are made up of People

Honestly, every single decision proposed and actioned at least once contributes positively towards best practice. So as not to go back down my rabbit hole of anxiety, my logic is that companies are made up of people: people that companies invest time, money, responsibility, hope, growth, future… in. So, why not start there? Equip your people with reliable and robust technology so that their hard work is safe and their data is secure… and so that they don’t come after IT Leadership. Additionally, we are all too familiar with employee onboarding documents, but does anyone read the IT Security policy stipulating that if they choose to leave their laptop at the office overnight, it must be fastened to a desk using a lock? The only policy I am aware of that must be abided by is the monthly password reset, and that’s just to get rid of the annoying pop-up following login. With instances like this, IT Security becomes generally thought of as reactive as opposed to proactive.

Small and medium businesses, like Enterprise and Government goliaths, are made up of people. To start, these corporations are equipping their personnel with laptops and mobile devices. They are also adding removable media for sharing documents, even though Public Cloud storage is becoming more and more common than USBs in the modern collaborative work environment. However, resources are not dropping one device; rather, they are adding another endpoint onto their utility belt. Their backpacks, laptop bags and folios have more adaptors and wall chargers than ever before. As you start to look at a single employee’s endpoint ‘footprint,’ the numbers add up quickly. Multiply this estimate by fifty resources at your local investment bank or by two hundred and fifty at your smaller college. One can only imagine the anxiety experienced by the incumbent charged with the task: “get this under control.”

Your Organization’s IT Security Policy

Even with the best adherence to your organization’s IT Security policy – reality happens. Can you rank employees by how important their title is and then secure only their data? And can you then discount the fact that data is shared, downloaded and produced at unimaginable rates? For example, everyone in the office shows up on the Tuesday after a long weekend: three individuals from payroll have forgotten their passwords, and your CMO had her laptop bag moved by the cleaning staff with one laptop, two USB keys and an external portable hard drive holding great new video collateral created by four members of her team. Eight people are now at the whim of your corporation’s IT Security practice. Taking full advantage of the functionality of a centrally managed endpoint encryption solution, the three resources managed to authenticate using self-help questions and the CMO’s bag re-appeared, but not before IT blew the lock off the three end-points as a precaution in case the bag had not managed to walk back in the doors of the office it belonged to.

Although this seems like a rather extreme Tuesday, it is simply everyday life in a corporation of any size. Where do you even start with becoming IT secure? As stated before, every step counts – so start lacing up those shoes.
